Download
Browse source Changelog
Documentation
Project   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Book: Everything curl Report a bug Mail Etiquette
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

libcurl with NSS CA-certificate problem

From: Maxime Legros via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 18 Sep 2018 13:19:50 +0200

Hello,

As part of a project we decided to use the libcurl library in our c++
program to handle IMAP communication on a windows platform, because of
licencing issues we have compiled a version of libCurl using NSS but
without OpenSSL support.
Right now we managed to have a simple non encrypted connection and to
encrypt the connection using the server certificate by using the
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,0L).

But whenever we try to use the peer verification the connection is cut
before the SSL handsake begin and we get an error:
"curl_easy_perform() failed: Problem with the SSL CA cert (path?
access rights?)"
verbose give us "failed to load libnssckbi.so"

and if we pass CURLOPT_SSLCERT with my certificate name we get the
same error but this time we have the line "Initializing NSS with
certpath: sql:mySSL_DIR_path"

we tried using the curl command line equivalent to our program :
curl.exe -v imaps://url --user "user:pwd"

We figured that they is a problem with our NSS database but can't
figure out what, we can read the database with Certutil.exe. do you
see anything wrong with our process?

Also is it normal that on a system windows NSS search for
libnssckbi.so (we have nssckbi.dll in our path).

Hoping you can help.

Sincerely

Maxime Legros 

-- 
« Les informations contenues dans ce courriel et tout document attaché 
peuvent être de nature confidentielle ou propriétaire. Si vous n’êtes pas 
le destinataire escompté, merci d’en informer Rockwell Collins 
immédiatement et de détruire ce courriel ainsi que tout document attaché. 
Toute divulgation, distribution ou copie de ces informations sans 
autorisation préalable est interdite. »
“The information in this e-mail 
and any attached document may be of a confidential or proprietary nature. 
If you are not the intended recipient, please notify Rockwell Collins 
immediately and delete this e-mail and any attached document. Any 
unauthorised disclosure, distribution or copying hereof is prohibited.”
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2018-09-18