Your message dated Sun, 05 Mar 2023 21:50:08 +0000
with message-id <[email protected]>
and subject line Bug#726073: fixed in curl 7.88.1-3
has caused the Debian Bug report #726073,
regarding libcurl3-nss: can't use PEM certificates from ca-certificates
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
726073: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726073
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libcurl3-nss
Version: 7.32.0-1
Severity: normal
I'm interested in trying to get git working with libcurl3-nss. It works
fine with libcurl3-gnutls. However, libcurl3-nss tries to use
libnsspem.so, which it does not appear is shipped in libnss3, and so git
cannot load the SSL cert, and fails (unless I disable SSL verification).
Example:
vauxhall ok % GIT_CURL_VERBOSE=1 git push
https://[email protected]/git/bmc/test.git development
* Couldn't find host git.crustytoothpaste.net in the .netrc file; using
defaults
* Adding handle: conn: 0x1b064e0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x1b064e0) send_pipe: 1, recv_pipe: 0
* About to connect() to git.crustytoothpaste.net port 443 (#0)
* Trying 2001:470:1f05:79::1...
* Connected to git.crustytoothpaste.net (2001:470:1f05:79::1) port 443 (#0)
* Initializing NSS with certpath: none
* WARNING: failed to load NSS PEM library libnsspem.so. Using OpenSSL PEM
certificates will not work.
* Closing connection 0
fatal: unable to access
'https://[email protected]/git/bmc/test.git/': Problem with the SSL
CA cert (path? access rights?)
libcurl3-nss should not fail to verify certificates by default. If
libnsspem.so is required, a dependency on an appropriate package is
necessary. You probably need to talk to the libnss3 maintainers about
getting them to include it.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.11-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libcurl3-nss depends on:
ii libc6 2.17-93
ii libgssapi-krb5-2 1.11.3+dfsg-3
ii libidn11 1.28-1
ii libldap-2.4-2 2.4.31-1+nmu2+b1
ii libnspr4 2:4.10-1
ii libnspr4-0d 2:4.10-1
ii libnss3 2:3.15.1-1
ii libnss3-1d 2:3.15.1-1
ii librtmp0 2.4+20121230.gitdf6c518-1
ii libssh2-1 1.4.3-1
ii multiarch-support 2.17-93
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages libcurl3-nss recommends:
ii ca-certificates 20130906
libcurl3-nss suggests no packages.
-- no debconf information
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: curl
Source-Version: 7.88.1-3
Done: Sergio Durigan Junior <[email protected]>
We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sergio Durigan Junior <[email protected]> (supplier of updated curl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 05 Mar 2023 12:59:58 -0500
Source: curl
Architecture: source
Version: 7.88.1-3
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <[email protected]>
Changed-By: Sergio Durigan Junior <[email protected]>
Closes: 726073
Changes:
curl (7.88.1-3) unstable; urgency=medium
.
* d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch:
Use correct paths when loading libnss{pem,ckbi}.so. (Closes: #726073)
* d/rules: Pass _DEB_HOST_ARCH via C{,XX}FLAGS; reenable NSS PEM tests.
* d/control: B-D on nss-plugin-pem (test only).
Also, make libcurl3-nss depend on nss-plugin-pem as well.
Checksums-Sha1:
b08c9e6dee0a11641b6311c66bc5f46c44c4820b 3058 curl_7.88.1-3.dsc
5fdfe4ac11fba50546d1286fee0c98f0de91f99a 40584 curl_7.88.1-3.debian.tar.xz
a2ac91628c52fc85702f83065d1e5cf20ba78f48 7620 curl_7.88.1-3_source.buildinfo
Checksums-Sha256:
8a0645d10610c7e2301447acde54552cd2dddcf4051dc168bfc75b0b508deadf 3058
curl_7.88.1-3.dsc
0b40a14886bdb153896e7f930e61438f5ad35b36a42e4aaef5a9c55de32d85ea 40584
curl_7.88.1-3.debian.tar.xz
ac5429acfacb80c7c10dab2b3176e9393a959cad30b38cf9b3c0c5ecfb514839 7620
curl_7.88.1-3_source.buildinfo
Files:
724307da89aec4f31c36b29c113f2591 3058 web optional curl_7.88.1-3.dsc
0fe4309c5139d436d087f610451f2768 40584 web optional curl_7.88.1-3.debian.tar.xz
bee195fc94b99878482df0072539f9ab 7620 web optional
curl_7.88.1-3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEI3pUsQKHKL8A7zH00Ot2KGX8XjYFAmQFDLwUHHNlcmdpb2Rq
QGRlYmlhbi5vcmcACgkQ0Ot2KGX8Xjb27Q/7BVwXyhrT9npZuFrF1cMLFH2wZPRi
pf5UoyQQ9G0m7WeIb7EMSirw9qpyG6O6f/VmnIHS3Dax8a3Up0huza0QP6rYtHdX
zG6TaJlrku0/0qYRbVswv6ZsaQ2Tagz4A5sG1BLbgh3sbvN0QCC2lEc9LSjXOgsr
hRwF03KPWIXxJQeiba9l0yI5k28jNf8kqLAqfDTLQ8Ukd+fAtLkCMjr/2DlrHDdy
14kNcAtRHvPHVZnWjpZjBEoDu56+VmdJsGhP9YBrVq0KxUM/gaZmD4GW31FjYgyg
tV9CtY+qXC4/K2cV0f83QAOFeewqHxP2yXtNvkjEWxJCERCHP/JhjIVkobv+4fTg
6x2xZugBeMK2FXFwWBsvE8EAo1wjzm+PyRP9bFje254b+yC3pjf+JjoY9zECorSo
Wa9mw08sP5nizw3UbM+L6inu/rDBMtxKex01PpC3+l3YL6kTKUxg9d49UQ1lPe50
9Vzn4eKhasj3/D2I0ruQ2noU/d9iPvnI+G+4/4LwcNatlYVVsOl45kSGP4ZZ+U9d
o931adqDUZcpCzi0ZlwMb7scRhCr24eXeTy/NzkZ5/TB/kkK+ZDXPbOz7j/eZtHr
V8DF2gOvetBPsR6VOithtIGUGyBOL/x1SQ5kN5zJPLMbJqKgzPrgpsYC49h5n+8W
I+4w6r/7p3zZ55o=
=4DZR
-----END PGP SIGNATURE-----
--- End Message ---
