curl-library
Re: libcurl with NSS CA-certificate problem
Date: Wed, 19 Sep 2018 10:17:57 +0200
On Tuesday, September 18, 2018 1:19:50 PM CEST Maxime Legros via curl-library wrote:
> Hello,
>
> As part of a project we decided to use the libcurl library in our c++
> program to handle IMAP communication on a windows platform, because of
> licencing issues we have compiled a version of libCurl using NSS but
> without OpenSSL support.
> Right now we managed to have a simple non encrypted connection and to
> encrypt the connection using the server certificate by using the
> curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,0L).
>
> But whenever we try to use the peer verification the connection is cut
> before the SSL handsake begin and we get an error:
> "curl_easy_perform() failed: Problem with the SSL CA cert (path?
> access rights?)"
> verbose give us "failed to load libnssckbi.so"
This is a portability problem in libcurl code. The file names to dlopen()
are hard-wired:
https://github.com/curl/curl/blob/056cc37e/lib/vtls/nss.c#L220
Anyway, you are not going to use nssckbi.dll as the root of trust as
I understand it.
> and if we pass CURLOPT_SSLCERT with my certificate name we get the
> same error but this time we have the line "Initializing NSS with
> certpath: sql:mySSL_DIR_path"
So you are going to use NSS database as the root of trust. This should
work but does not work currently. I believe that the following tiny patch
would fix it:
https://github.com/curl/curl/pull/3016
Kamil
> we tried using the curl command line equivalent to our program :
> curl.exe -v imaps://url --user "user:pwd"
>
> We figured that they is a problem with our NSS database but can't
> figure out what, we can read the database with Certutil.exe. do you
> see anything wrong with our process?
>
> Also is it normal that on a system windows NSS search for
> libnssckbi.so (we have nssckbi.dll in our path).
>
> Hoping you can help.
>
> Sincerely
>
> Maxime Legros
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-09-19