On Fri, Oct 11, 2013 at 11:49:37PM +0000, brian m. carlson wrote: > Package: libcurl3-nss > Version: 7.32.0-1 > Severity: normal > > I'm interested in trying to get git working with libcurl3-nss. It works > fine with libcurl3-gnutls. However, libcurl3-nss tries to use > libnsspem.so, which it does not appear is shipped in libnss3, and so git > cannot load the SSL cert, and fails (unless I disable SSL verification). > > [...] > > libcurl3-nss should not fail to verify certificates by default. If > libnsspem.so is required, a dependency on an appropriate package is > necessary. You probably need to talk to the libnss3 maintainers about > getting them to include it.
NSS doesn't support SSL/TLS certificates in PEM format, and that libnsspem.so thing is Fedora/Red Hat specific at the moment. So you either have to open a bug againt the libnss package asking to provide libnsspem as Fedora does, or you provide a valid NSS certificate database to libcurl, which is not currently shipped by Debian (you can ask the ca-certificates maintainers to provide the default CA certificates bundle as NSS database too I guess). The easiest solution is to not use NSS though, unless you really know what you are doing. Is there any particular reason you want to use git with NSS? Cheers -- perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'
signature.asc
Description: Digital signature