
curl-library

Re: How to use curl with nss supported?

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Sat, 11 Dec 2010 23:36:57 +0100

On Friday 10 December 2010 02:46:08 张绪峰 wrote:
> >> >What distribution are you using? Are the packages provided by your
> >> > distro?
> >>
> >> $ uname -a
> >> Linux localhost 2.6.34.7 #1 PREEMPT Mon Dec 6 19:39:02 CST 2010 i686
> >> i686 i386 GNU/Linux
> >
> >It does not say much about the distribution. But it is likely not Fedora
> >nor RHEL, which means you probably don't have the PEM reader installed on
> >your system by default.
>
> Yeah, there is no PEM reader in my system, I can find there is a pk12util.

You still didn't answer what your distribution is.

> >export SSL_DIR=/path/to/your/database
>
> But what about after? I also can't find my certificates.
> 1. $ certutil -L -d /etc/pki/nssdb
> Certificate Nickname                                         Trust Attributes
>                                                              SSL,S/MIME,JAR/XPI
> 2. $ export SSL_DIR=/etc/pki/nssdb

SSL_DIR only specifies which NSS database curl uses. It does not change
anything in there. curl opens the database read-only. You need to modify
the database yourself, independently of curl:

http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html

> cacert.pem and Makefile have been attached, I have renamed Makefile to
> Makefile.txt. Sorry, I also can't reproduce the crash now, weird, this time
> when I run:
> $ curl --cacert ./cacert.pem https://bugzilla.redhat.com
> curl: (60) Peer certificate cannot be authenticated with known CA certificates
> More details here: http://curl.haxx.se/docs/sslcerts.html

How are you going to verify authenticity of bugzilla.redhat.com with your
self-signed certificate? You need to load root CA certificates instead.

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-12-11
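
The step described in the reply above, populating the NSS database with root CA certificates before pointing SSL_DIR at it, sketched as an added example that is not part of the original mail or of curl. It generalizes to a PEM bundle holding several roots; the function names, the `cert-NNN` nicknames and the one-certificate-per-file split are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original mail). Function names and the
# cert-NNN nicknames are hypothetical.

# split_pem_bundle BUNDLE OUTDIR
# Writes each certificate in a PEM bundle to OUTDIR/cert-NNN.pem and prints
# how many were found. Text outside BEGIN/END markers is dropped.
split_pem_bundle() {
    bundle=$1; outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n); inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# import_roots BUNDLE DBDIR
# Adds every certificate from BUNDLE to the NSS database in DBDIR as a CA
# trusted for SSL ("C,,"), then lists the database. DBDIR must already hold
# a database (create one with: certutil -N -d DBDIR).
import_roots() {
    bundle=$1; db=$2
    command -v certutil >/dev/null 2>&1 || { echo "certutil not found" >&2; return 127; }
    tmp=$(mktemp -d) || return 1
    split_pem_bundle "$bundle" "$tmp" >/dev/null
    for f in "$tmp"/cert-*.pem; do
        [ -f "$f" ] || continue
        # This example feeds certutil one certificate per file (-a = PEM/ASCII input).
        certutil -A -d "$db" -n "$(basename "$f" .pem)" -t "C,," -a -i "$f" \
            || { rm -rf "$tmp"; return 1; }
    done
    rm -rf "$tmp"
    certutil -L -d "$db"
}

# Typical use, with the database path from the thread:
#   import_roots /path/to/root-ca-bundle.pem /etc/pki/nssdb
#   export SSL_DIR=/etc/pki/nssdb
```

After the import, `certutil -L` should list the new nicknames with `C,,` in the trust column, which is what was missing from the empty listing quoted above.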