generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rob Crittenden provided an NSS update with the following highlights:

Browse Source 
o It looks for the NSS database first in the environment variable SSL_DIR,
  then in /etc/pki/nssdb, then it initializes with no database if neither of
  those exist.

o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
  loaded, including the ca-bundle. If it is not available then only
  certificates already in the NSS database are used.

o Tries to detect whether a file or nickname is being passed in so the right
  thing is done

o Added a bit of code to make the output more like the OpenSSL module,
  including displaying the certificate information when connecting in
  verbose mode

o Improved handling of certificate errors (expired, untrusted, etc)

The libnsspem.so PKCS#11 module is currently only available in Fedora
8/rawhide. Work will be done soon to upstream it. The NSS module will work
with or without it, all that changes is the source of the certificates and
keys.
This commit is contained in:
Daniel Stenberg
2007-09-18 22:21:54 +00:00
parent b1aafbd957
commit 8c3f40ee32
6 changed files with 579 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
docs/curl.1
View File

@@ -330,7 +330,9 @@ them independently.
If curl is built against the NSS SSL library then this option tells
curl the nickname of the certificate to use within the NSS database defined
by --cacert.
by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the
NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be
loaded.
If this option is used several times, the last one will be used.
.IP "--cert-type <type>"
@@ -352,7 +354,10 @@ The windows version of curl will automatically look for a CA certs file named
Current Working Directory, or in any folder along your PATH.
If curl is built against the NSS SSL library then this option tells
curl the directory that the NSS certificate database resides in.
curl the nickname of the CA certificate to use within the NSS database
defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb).
If the NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files
may be loaded.
If this option is used several times, the last one will be used.
.IP "--capath <CA certificate directory>"