On Fri, Oct 11, 2013 at 11:49:37PM +0000, brian m. carlson wrote: > Package: libcurl3-nss > Version: 7.32.0-1 > Severity: normal > > I'm interested in trying to get git working with libcurl3-nss. It works > fine with libcurl3-gnutls. However, libcurl3-nss tries to use > libnsspem.so, which it does not appear is shipped in libnss3, and so git > cannot load the SSL cert, and fails (unless I disable SSL verification). > > [...] > > libcurl3-nss should not fail to verify certificates by default. If > libnsspem.so is required, a dependency on an appropriate package is > necessary. You probably need to talk to the libnss3 maintainers about > getting them to include it.
NSS doesn't support SSL/TLS certificates in PEM format, and that libnsspem.so
thing is Fedora/Red Hat specific at the moment. So you either have to open a
bug againt the libnss package asking to provide libnsspem as Fedora does, or
you provide a valid NSS certificate database to libcurl, which is not currently
shipped by Debian (you can ask the ca-certificates maintainers to provide the
default CA certificates bundle as NSS database too I guess).
The easiest solution is to not use NSS though, unless you really know what you
are doing. Is there any particular reason you want to use git with NSS?
Cheers
--
perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'
signature.asc
Description: Digital signature
