On Monday 31 of August 2009 23:20:06 Guenter wrote:
> > Gün, as for the not working binary, the problem seems to be lack of the
> > PEM reader module on WIN32. It's used even to read the CA bundle. I am
> > going to come with an alternative solution in a week or two. We can
> > either use the NSS built-in root certificates and/or read them from the
> > NSS database. I doubt the PEM reader is portable on a non-linux platform
> > right now.
>
> I got same binary meanwhile working at least on Linux with wine:
> created a folder ./etc/pki/nssdb with the cert8.db, and was then able to
> access my own site with -k (insecure) + another site with SSL cert from
> official CA; so as it looks it might now only be a path prob to get it
> working natively on Win32; I tried already to put the etc folder on the
> system root, and also into windows/system32/drivers, but no luck so far ...
> I have updated the 7z archive with the etc folder in case you want to
> test with it ...

Yes, the NSS database should be available via libcurl-NSS. Its location is
configured by the SSL_DIR environment variable. I wasn't successful with my
first try, so good news for me it's working.

The main difference is that it can't read PEM files as the OpenSSL variant (or
NSS variant with the PEM reader module). There is also a module called
libnssckbi.so (perhaps libnssckbi.dll on Win?) containing hardwired root CA
certificates. I can give it a try to load. It could be an alternative
solution configured by e.g. a compile-time option...

I think Claes (CC) has also some experiences with libcurl-NSS on mac even with
a HW token.

Kamil
Received on 2009-08-31