On Tuesday, September 18, 2018 1:19:50 PM CEST Maxime Legros via curl-library wrote: > Hello, > > As part of a project we decided to use the libcurl library in our c++ > program to handle IMAP communication on a windows platform, because of > licencing issues we have compiled a version of libCurl using NSS but > without OpenSSL support. > Right now we managed to have a simple non encrypted connection and to > encrypt the connection using the server certificate by using the > curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,0L). > > But whenever we try to use the peer verification the connection is cut > before the SSL handsake begin and we get an error: > "curl_easy_perform() failed: Problem with the SSL CA cert (path? > access rights?)" > verbose give us "failed to load libnssckbi.so"
This is a portability problem in libcurl code. The file names to dlopen() are hard-wired: https://github.com/curl/curl/blob/056cc37e/lib/vtls/nss.c#L220 Anyway, you are not going to use nssckbi.dll as the root of trust as I understand it. > and if we pass CURLOPT_SSLCERT with my certificate name we get the > same error but this time we have the line "Initializing NSS with > certpath: sql:mySSL_DIR_path" So you are going to use NSS database as the root of trust. This should work but does not work currently. I believe that the following tiny patch would fix it: https://github.com/curl/curl/pull/3016 Kamil > we tried using the curl command line equivalent to our program : > curl.exe -v imaps://url --user "user:pwd" > > We figured that they is a problem with our NSS database but can't > figure out what, we can read the database with Certutil.exe. do you > see anything wrong with our process? > > Also is it normal that on a system windows NSS search for > libnssckbi.so (we have nssckbi.dll in our path). > > Hoping you can help. > > Sincerely > > Maxime Legros ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
