On Thu, Mar 11, 2010 at 03:29:07AM +0100, Guenter wrote: > Hi, Petr Pisar schrieb: > > On Wed, Mar 10, 2010 at 08:41:35PM +0100, Guenter wrote: > >> Petr Pisar schrieb: > >>> OPENSSL_CONF is the same hack as SSL_DIR for NSS crypto backend. When > >>> I wrote my application, I thought CURLOPT_CAPATH should carry NSS > >>> database path instead of setting SSL_DIR. It's little confusing. > >> SSL_DIR is not a hack by us here, but is already used inside NSS self > >> - though badly documented ... > >> > > Realy? If I look into curl, I can see you pass the variable value into > > NSS_Initialize() only and you do not use it anywhere else. If the variable > > is not defined you just pass some default string and you _don't_ export it > > for sake of NSS. > > > > If I grep NSS, the only places presenting SSL_DIR are inside testing code, > > not in the library itself. > http://curl.haxx.se/mail/lib-2009-09/0321.html > Exactly as Kamil Dudek said
> SSL_DIR is sort of standard Question is whether its upcoming or leaving standard because all three tools (dbtest, remtest, tstclnt) are not installed by nss by default. I tracked the SSL_DIR data and it is used only as a fall-back for undefined -d (database directory) argument. Thus it has exactly the same purpose as OPENSSL_CNF variable (OpenSSL tools have -config option and OPENSSL_CNF as a second resolution). Frankly, I'm not against new curl(1/3) option instead of or next to environment variable. I just think it's the simplest and in OpenSSL world well-accepted solution. -- Petr
pgpglEKc5JbS0.pgp
Description: PGP signature
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
