cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Curl and NSS

From: George Sherwood <pilot_at_beernabeer.com>
Date: Thu, 4 Dec 2008 11:02:12 -0600

On Sun, 30 Nov 2008 10:41:27 +0100 (CET)
Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Sat, 29 Nov 2008, George Sherwood wrote:
>
> > Unfortunately currently the configure is failing to find
> > pkg-config, I believe so it is executing the else portion kludge
> > defaults and failing. If I remove the if test -n "$check"; then
> > everything work fine.
> >
> > if test X"$OPT_NSS" != Xno; then
> > if test "x$OPT_NSS" = "xyes"; then
> > check=`pkg-config --version 2>/dev/null`
> > if test -n "$check"; then
>
> But how can that fail if pkg-config is in your path? pkg-config
> --version should output a version number to stdout and thus test -n
> should evaluate true there. Doesn't it?

Sorry, it was a mistake our distro was making. Probably from long ago
by setting options such as --with-ssl=/usr Got it working correctly
now.

>
> GnuTLS should work pretty much exactly the same as OpenSSL when it
> comes to the ca cert bundle and how that's used. NSS however is
> different: NSS doesn't support reading and using a CA cert bundle in
> the PEM format as both OpenSSL and GnuTLS do. The Fedora patch I
> mentioned before brings this ability to NSS.
>
> Unfortunately, there hasn't exactly been a race in the NSS team to
> get this merged into the main code.
>
> This has the side-effect that libcurl built with NSS needs a
> NSS-style (sqlite?) database present with the ca cert bundle. I dont
> know how to convert a PEM ca cert bundle into such a database.
>
> Unless you use NSS with the Fedora-patch.
>

I applied the Fedora nss patches and now curl works uses NSS to provide
SSL.

George

-- 
George Sherwood
Source Mage GNU/Linux Lead Developer
http://www.sourcemage.org

Received on 2008-12-04