curl / Mailing Lists / curl-library / Single Mail


libcurl with NSS CA-certificate problem

From: Maxime Legros via curl-library <>
Date: Tue, 18 Sep 2018 13:19:50 +0200


As part of a project we decided to use the libcurl library in our c++
program to handle IMAP communication on a windows platform, because of
licencing issues we have compiled a version of libCurl using NSS but
without OpenSSL support.
Right now we managed to have a simple non encrypted connection and to
encrypt the connection using the server certificate by using the

But whenever we try to use the peer verification the connection is cut
before the SSL handsake begin and we get an error:
"curl_easy_perform() failed: Problem with the SSL CA cert (path?
access rights?)"
verbose give us "failed to load"

and if we pass CURLOPT_SSLCERT with my certificate name we get the
same error but this time we have the line "Initializing NSS with
certpath: sql:mySSL_DIR_path"

we tried using the curl command line equivalent to our program :
curl.exe -v imaps://url --user "user:pwd"

We figured that they is a problem with our NSS database but can't
figure out what, we can read the database with Certutil.exe. do you
see anything wrong with our process?

Also is it normal that on a system windows NSS search for (we have nssckbi.dll in our path).

Hoping you can help.


Maxime Legros

« Les informations contenues dans ce courriel et tout document attaché 
peuvent être de nature confidentielle ou propriétaire. Si vous n’êtes pas 
le destinataire escompté, merci d’en informer Rockwell Collins 
immédiatement et de détruire ce courriel ainsi que tout document attaché. 
Toute divulgation, distribution ou copie de ces informations sans 
autorisation préalable est interdite. »
“The information in this e-mail 
and any attached document may be of a confidential or proprietary nature. 
If you are not the intended recipient, please notify Rockwell Collins 
immediately and delete this e-mail and any attached document. Any 
unauthorised disclosure, distribution or copying hereof is prohibited.”
Received on 2018-09-18