
curl-library

Re: Client authenticated closed SSL with curl NSS

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Tue, 7 May 2013 11:03:13 +0200

On Tuesday 07 May 2013 04:59:32 Richard Levenberg wrote:
> I have a use case to use only a very specific truststore and one client
> certificate. This works fine with curl compiled against OpenSSL:
>
> curl --cacert truststore.pem --cert example.com.pem:test
> https://example.com
>
> What is the equivalent of this when compiled with NSS? My concern is
> that the shift in paradigm with NSS is completely orthogonal to my use
> case in that I do not want any other application sharing my truststore,
> nor do I want to install my client certificate for any other
> application's usage.

You can specify which NSS database to use by the $SSL_DIR environment
variable, so you can point it to an empty database (created by certutil -N).
You can also configure your system not to use nsssysinit -- there is a script
named setup-nsssysinit.sh on Fedora configuring this.

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-05-07
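
The setup described in the reply above, as an added example that is not part of the original mail or of curl itself: a dedicated, owner-only NSS database created with `certutil -N` and selected per invocation through `SSL_DIR`. The function names, the `CURL_BIN` override, and all paths and nicknames are assumptions for illustration.

```shell
#!/bin/sh
# Added example: one private NSS database for one curl use case.
# Paths, nicknames and CURL_BIN are placeholders (assumptions).

# Create an empty NSS database in $1, protected by the password in file $2.
# umask 077 keeps the directory and database files unreadable to other users.
make_private_nssdb() {
    db=$1 pwfile=$2
    command -v certutil >/dev/null 2>&1 || {
        echo "certutil (NSS tools) not found" >&2
        return 127
    }
    ( umask 077
      mkdir -p "$db" &&
      certutil -N -d "$db" -f "$pwfile" )
}

# Import one PEM CA certificate ($2) into database $1 under nickname $3,
# trusted only as an SSL CA ("C,,"). certutil -A reads a single
# certificate per call, so run it once per CA in the truststore.
trust_ca() {
    certutil -A -d "$1" -n "$3" -t "C,," -a -i "$2"
}

# Import the client certificate and private key from PKCS#12 file $2 into
# database $1. pk12util prompts for the database and PKCS#12 passwords.
import_client_p12() {
    pk12util -i "$2" -d "$1"
}

# Run curl with SSL_DIR set for this one process only, so nothing else in
# the session picks up the database. CURL_BIN may name an NSS-built curl.
curl_with_db() {
    db=$1; shift
    SSL_DIR=$db "${CURL_BIN:-curl}" "$@"
}

# Typical sequence (not executed here):
#   make_private_nssdb "$HOME/.example-nssdb" pwfile
#   trust_ca "$HOME/.example-nssdb" ca.pem example-ca
#   import_client_p12 "$HOME/.example-nssdb" client.p12
#   curl_with_db "$HOME/.example-nssdb" --cert client-nickname:dbpassword \
#       https://example.com
```

With an NSS-built curl, `--cert` takes the certificate's nickname inside the database named by `SSL_DIR`. Whether NSS still merges in a shared system database depends on the nsssysinit configuration mentioned in the reply.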