On Thu, Jan 12, 2012 at 10:24:31PM +0100, Evgeni Golov wrote:
> Package: libcurl4-nss-dev
> Version: 7.23.1-3
> Severity: normal
> 
> Heya,

Hi,

> not sure about severity, so feel free to change in any direction :)
> Neither whether this better belongs to ca-certificates or libnss.
> 
> Currently, it is not really possible to write code that uses HTTPS sites
> and link said code against libcurl4-nss-dev. Well, you can write and link,
> but the resulting binary will just spit out CURLE_SSL_CACERT_BADFILE (77)
> and die. Yes of course, I can add CURLOPT_SSL_VERIFYPEER=0, but then the
> whole reason why I want to use SSL is gone, as I cannot verify the peer.
>
> I have read http://curl.haxx.se/docs/sslcerts.html and could not find
> either an NSSdb or the compat lib in Debian. Is there any other way to use
> a binary linked against curl-nss on https sites?

You should create an NSS database by yourself and use that by setting the
CURLOPT_CAINFO option to the db directory. I don't have much experience with
NSS so I can't help much, but the certutil command in the libnss3-tools 
package should be helpful.

Alternatively someone should either package a default NSS database that
reflects ca-certificates or package the libnsspem module (as in Red Hat)
which adds PEM support to libnss. I do not know where it comes from (if it's
a Red Hat specific thing or not) or if it can be packaged for Debian though.

If you really need working-out-of-the-box SSL support why not use
libcurl3 or libcurl3-gnutls?

> PS: not sure whether this is also #558283, forgive my incompetence :)

Hmm, no. That is just a request to move the mozilla/nss certificates out of
the ca-certificates package to a ca-certificates-nss subpackage, but it
wouldn't change much since those certificates would be in PEM format (which
is not supported by libnss) anyway.

Cheers

-- 
perl -E'$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'
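
[Added example, not part of the original message or of any Debian package.] One way to build the NSS database suggested above with certutil from libnss3-tools, importing each PEM CA file as trusted for issuing TLS server certificates only. The function names, the `sql:` database prefix, the `--empty-password` choice and the example source directory are assumptions.

```shell
#!/bin/sh
# Added example: build an NSS certificate database from PEM CA files.
# Assumptions: certutil (libnss3-tools) is installed and the source directory
# holds one PEM certificate per file, e.g. /usr/share/ca-certificates/mozilla.
CERTUTIL=${CERTUTIL:-certutil}

# Derive an NSS nickname from a PEM file name (basename without extension).
ca_nickname() {
    n=${1##*/}
    printf '%s\n' "${n%.*}"
}

# True only for a regular file holding exactly one PEM certificate block;
# bundles and non-certificate files are skipped rather than half-imported.
is_single_pem_cert() {
    [ -f "$1" ] && [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ]
}

# build_nssdb SRC_DIR DB_DIR
# Creates DB_DIR and imports every CA certificate found in SRC_DIR.
# Trust flags 'C,,' mark a CA as trusted for TLS server certificates and
# grant no trust for e-mail or code signing.
# Prints the number of imported certificates on stdout.
build_nssdb() (
    src=$1 db=$2 count=0
    mkdir -p "$db" || exit 1
    # An empty DB password is acceptable here: the store holds public CAs only.
    "$CERTUTIL" -N -d "sql:$db" --empty-password >&2 || exit 1
    for f in "$src"/*.crt "$src"/*.pem; do
        is_single_pem_cert "$f" || continue
        "$CERTUTIL" -A -d "sql:$db" -n "$(ca_nickname "$f")" \
            -t 'C,,' -a -i "$f" >&2 || exit 1
        count=$((count + 1))
    done
    echo "$count"
)

# Stand-alone use: sh build-nssdb.sh SRC_DIR DB_DIR
if [ "$#" -eq 2 ]; then
    build_nssdb "$1" "$2"
fi
```

Afterwards `certutil -L -d sql:DB_DIR` lists the imported nicknames with their trust flags, which is a quick check that nothing received broader trust than intended.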


