On Friday 10 December 2010 02:46:08 张绪峰 wrote: > >> >What distribution are you using? Are the packages provided by your > >> > distro? > >> > >> $ uname -a > >> Linux localhost 2.6.34.7 #1 PREEMPT Mon Dec 6 19:39:02 CST 2010 i686 > >> i686 i386 GNU/Linux > > > >It does not say much about the distribution. But it is likely not Fedora > >nor RHEL, which means you probably don't have the PEM reader installed on > >your system by default. > > Yeah, there is no PEM reader in my system, I can find there is a pk12util.
You still didn't answer what your distribution is. > >export SSL_DIR=/path/to/your/database > > But what about after? I also can't find my certificates. > 1. $ certutil -L -d /etc/pki/nssdb > Certificate Nickname Trust > Attributes SSL,S/MIME,JAR/XPI 2. $ export SSL_DIR=/etc/pki/nssdb SSL_DIR only specifies which NSS database curl uses. It does not change anything in there. curl opens the database read-only. You need to modify the database yourself, independently on curl: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html > cacert.pem and Makefile have been attached, I have renamed Makefile to > Makefile.txt. Sorry, I also can't reproduce the crash now, werid, this time > when I run: $ curl --cacert ./cacert.pem https://bugzilla.redhat.com > curl: (60) Peer certificate cannot be authenticated with known CA > certificates More details here: http://curl.haxx.se/docs/sslcerts.html How are you going to verify authenticity of bugzilla.redhat.com with your self-signed certificate? You need to load root CA certificates instead. Kamil ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
