At 2010-12-10 16:07:46,"Daniel Stenberg" <[email protected]> wrote:
>On Fri, 10 Dec 2010, 张绪峰 wrote:
>
>>> You can get the one Firefox uses from here:
>>>
>>> http://curl.haxx.se/docs/caextract.html
>>
>> Thanks for your help, I have just tried, still doesn't work. when I run
>> "curl --cacert cacert.pem https://bugzilla.mozilla.org", it got following
>> output: curl: (60) Peer certificate cannot be authenticated with known CA
>> certificates More details here: http://curl.haxx.se/docs/sslcerts.html
>
>... as Kamil explained previously, NSS does not (yet) support loading PEM
>files like that but needs a patch for it (that Fedora has applied on the NSS
>they ship).

Some detail info:

$ curl --cacert cacert.pem -v https://www.mozilla.org
* About to connect() to www.mozilla.org port 443 (#0)
*   Trying 63.245.217.21... connected
* Connected to www.mozilla.org (63.245.217.21) port 443 (#0)
* Initializing NSS with certpath: /etc/pki/nssdb
*   CAfile: cacert.pem
  CApath: none
* Remote Certificate has expired.
* NSS error -8181
* Closing connection #0
* Peer certificate cannot be authenticated with known CA certificates
curl: (60) Peer certificate cannot be authenticated with known CA certificates

>
>So I believe the solutions to have to select from are that you either don't
>use PEM certificates with NSS, or you arrange your NSS library to have PEM
>support.

Both are OK, then which one is an easy way? and how to do it?
Thanks very much!

Thanks,
Xufeng Zhang

>
>--
>
> / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
