On 12/12/2010 06:44 AM, Kamil Dudka wrote:
On Friday 10 December 2010 09:33:05 张绪峰 wrote:
So I believe the solutions to have to select from are that you either
don't use PEM certificates with NSS, or you arrange your NSS library to
have PEM support.
I find there is libnsspem.so library in my system, so why NSS can't support
PEM format?
That would explain the crash ;-) Please make sure you have its most recent
version. There used to be tons of crucial bugs in the initial version.
The PEM module is still a work in progress from what I know.
Kamil
Hi Kamil,
I'm using nss-3.12.4, the newest NSS release, and the system I'm using
is not
a standard distribution.
This problem really disturb me.
I got a cacert.pem file from http://curl.haxx.se/docs/caextract.html,
still can't work:
$ curl --cacert cacert.pem -v https://bugzilla.mozilla.org
* About to connect() to bugzilla.mozilla.org port 443 (#0)
* Trying 63.245.209.72... connected
* Connected to bugzilla.mozilla.org (63.245.209.72) port 443 (#0)
* Initializing NSS with certpath: /etc/pki/nssdb
* CAfile: cacert.pem
CApath: none
* Remote Certificate has expired.
* NSS error -8181
* Closing connection #0
* Peer certificate cannot be authenticated with known CA certificates
curl: (60) Peer certificate cannot be authenticated with known CA
certificates
More details here: http://curl.haxx.se/docs/sslcerts.html
............................
I just want to write a test case to verify curl+nss works after I
enabled nss to curl,
why it's so difficult? :-(
Thanks,
Xufeng Zhang
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
