On Wed, Mar 10, 2010 at 08:41:35PM +0100, Guenter wrote: > Petr Pisar schrieb: > > OPENSSL_CONF is the same hack as SSL_DIR for NSS crypto backend. When > > I wrote my application, I thought CURLOPT_CAPATH should carry NSS database > > path instead of setting SSL_DIR. It's little confusing. > SSL_DIR is not a hack by us here, but is already used inside NSS self - > though badly documented ... > Realy? If I look into curl, I can see you pass the variable value into NSS_Initialize() only and you do not use it anywhere else. If the variable is not defined you just pass some default string and you _don't_ export it for sake of NSS.
If I grep NSS, the only places presenting SSL_DIR are inside testing code, not in the library itself. BTW, is somebody here experienced with PKCS#11 modules pluged into NSS as curl back-end? I'm able to use TLS certificates and keys from internal NSS module. Seeking for certificates or keys from other modules resuls in curl SSL initialization failure. FYI I'm able to use the same NSS database from Firefox or list the certs by certutil. -- Petr
pgpc6xavN5Ytu.pgp
Description: PGP signature
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
