Rob Crittenden provided an NSS update with the following highlights:
o It looks for the NSS database first in the environment variable SSL_DIR, then in /etc/pki/nssdb, then it initializes with no database if neither of those exist. o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be loaded, including the ca-bundle. If it is not available then only certificates already in the NSS database are used. o Tries to detect whether a file or nickname is being passed in so the right thing is done o Added a bit of code to make the output more like the OpenSSL module, including displaying the certificate information when connecting in verbose mode o Improved handling of certificate errors (expired, untrusted, etc) The libnsspem.so PKCS#11 module is currently only available in Fedora 8/rawhide. Work will be done soon to upstream it. The NSS module will work with or without it, all that changes is the source of the certificates and keys.
This commit is contained in:
Daniel Stenberg
@@ -12,6 +12,7 @@ Curl and libcurl 7.17.1
|
||||
This release includes the following changes:
|
||||
|
||||
o automatically append ";type=<a|i>" when using HTTP proxies for FTP urls
|
||||
o improved NSS support
|
||||
|
||||
This release includes the following bugfixes:
|
||||
|
||||
@@ -35,6 +36,6 @@ New curl mirrors:
|
||||
This release would not have looked like this without help, code, reports and
|
||||
advice from friends like these:
|
||||
|
||||
Dan Fandrich, Michal Marek, G<>nter Knauf
|
||||
Dan Fandrich, Michal Marek, G<>nter Knauf, Rob Crittenden
|
||||
|
||||
Thanks! (and sorry if I forgot to mention someone)
|
||||
|
||||
Reference in New Issue
Block a user