Mailing Lists
|
|
cURL Mailing List Monthly Index Single Mail
curl-tracker Archives
[curl:bugs] #1196 with NSS, some certs unselectable via --cert name:passwd syntax
From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Mon, 06 May 2013 13:14:16 +0000
Thanks, closing this issue!
--- ** [bugs:#1196] with NSS, some certs unselectable via --cert name:passwd syntax** **Status:** closed-fixed **Labels:** SSL/TLS **Created:** Wed Feb 13, 2013 07:57 PM UTC by jared jennings **Last Updated:** Mon May 06, 2013 01:12 PM UTC **Owner:** nobody I need a way to tell the curl tool to use a certificate having a colon in its name. With the curl tool, when I specify a client certificate to use via the -E or --cert switch, I can optionally specify a passphrase by appending a colon and the passphrase to the argument of the switch. In src/tool_getparam.c around line 1206, the first colon in the argument is found, using strchr, and everything after it is deemed to be the passphrase. Because of this decision, passphrases containing colons can be used, but certificates whose names contain colons cannot. The use case is this: I've built curl against NSS, and I'm trying to use the certificate on my smartcard. When you import a certificate from a file into an NSS database, it goes onto the token named "NSS Certificate DB." When you specify a certificate in the NSS database by its nickname, by default that certificate is sought on the "NSS Certificate DB" token. So if all you use with NSS is certificates you've imported from files, you never need a colon. But if the certificate you want to use is stored on a different token (e.g., a smartcard), you have to name both the token and the certificate; the way to do so is with the syntax token:nickname - i.e. separating them by a colon. So the name of the certificate on my smartcard is "MY.FULL.NAME.1234567890:CAC ID Certificate". Unfortunately when I hand that value to the -E switch, the curl tool parses that as a request to use the certificate named MY.FULL.NAME.1234567890, with the passphrase "CAC ID Certificate". --- Sent from sourceforge.net because you indicated interest in <https://sourceforge.net/p/curl/bugs/1196/> To unsubscribe from further messages, please visit <https://sourceforge.net/auth/subscriptions/>Received on 2013-05-06 These mail archives are generated by hypermail. |
Page updated January 05, 2012.
web site info