curl-library
Re: NSS support quirks
Date: Fri, 13 Jun 2008 15:59:53 +0200
Hi,
sorry for the lack of testings regarding nss.
A patch is provided at the end.
> nss.c: In function 'nss_load_crl':
> nss.c:421: warning: implicit declaration of function
'ATOB_ConvertAsciiToItem'
> nss.c:421: warning: nested extern declaration of 'ATOB_ConvertAsciiToItem'
> nss.c:442: warning: implicit declaration of function 'SEC_DestroyCrl'
> nss.c:442: warning: nested extern declaration of 'SEC_DestroyCrl'
> nss.c: At top level:
> nss.c:746: warning: unused parameter 'conn'
add in nss.c:
#include "certdb.h" /* for SEC_DestroyCrl */
#include "nss/base64.h" /* for ATOB_ConvertAsciiToItem */
the nss/ prefix is needed because curl already has a base64.h file that
will be chosen instead of the nss one otherwise...
(works for me because nss includes are in /usr/include of course but
for local nss installations it will fail unless the proper -Ipath is added.)
> ../lib/.libs/libcurl.a(nss.o): In function `check_issuer_cert':
> /home/daniel/src/curl/lib/nss.c:769: undefined reference to
> `CERT_CompareCerts'
> collect2: ld returned 1 exit status
ok, CERT_CompareCerts is not exported...
may be its better to use item comparison rather than to take it from
certdb.c or ocsp.c
in nss.c, replace
else if (CERT_CompareCerts(cert_issuer,issuer)==PR_FALSE)
by
else if (SECITEM_CompareItem(&cert_issuer->derCert,
&issuer->derCert)!=SECEqual)
PATCH:
---------------------
Index: lib/nss.c
===================================================================
--- lib.orig/nss.c 2008-06-13 15:28:40.000000000 +0200
+++ lib/nss.c 2008-06-13 15:43:31.000000000 +0200
@@ -65,6 +65,8 @@
#include "memory.h"
#include "easyif.h" /* for Curl_convert_from_utf8 prototype */
+#include "certdb.h" /* for SEC_Destroy prototype */
+#include "nss/base64.h" /* for ATOB_ConvertAsciiToItem prototype */
/* The last #include file should be: */
#include "memdebug.h"
@@ -766,7 +768,7 @@
if ((!cert_issuer) || (!issuer))
res = SECFailure;
- else if (CERT_CompareCerts(cert_issuer,issuer)==PR_FALSE)
+ else if (SECITEM_CompareItem(&cert_issuer->derCert,
&issuer->derCert)!=SECEqual)
res = SECFailure;
CERT_DestroyCertificate(cert);
-------------------------
Received on 2008-06-13