Hey,

sorry for the delay.

On Fri, Jan 13, 2012 at 08:29:02PM +0100, Alessandro Ghedini wrote:
> > Currently, it is not really possible to write code that uses HTTPS sites
> > and link said code against libcurl4-nss-dev. Well, you can write and link,
> > but the resulting binary will just spit out CURLE_SSL_CACERT_BADFILE (77)
> > and die. Yes of course, I can add CURLOPT_SSL_VERIFYPEER=0, but then the
> > whole reason why I want to use SSL is gone, as I cannot verify the peer.
> >
> > I have read http://curl.haxx.se/docs/sslcerts.html and could find
> > neither an NSSdb nor the compat lib in Debian. Is there any other way to use
> > a binary linked against curl-nss on https sites?
> 
> You should create an NSS database by yourself and use that by setting the
> CURLOPT_CAINFO option to the db directory. I don't have much experience with
> NSS so I can't help much, but the certutil command in the libnss3-tools 
> package should be helpful.

Yes it looks like this, thanks.

> Alternatively someone should either package a default NSS database that
> reflects ca-certificates or package the libnsspem module (as in Red Hat)
> which adds PEM support to libnss. I do not know where it comes from (if it's
> a Red Hat specific thing or not) or if it can be packaged for Debian though.
> 
> If you really need working-out-of-the-box SSL support, why not use
> libcurl3 or libcurl3-gnutls?

Because libraries exist that depend on the curl-nss-dev package,
uninstalling all other curl devs. Using these libraries thus makes it
impossible to use openssl/gnutls in one's own code.

-- 
Bruce Schneier can read and understand Perl programs.
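
An added example, not part of the original message or of any Debian package: a shell function that builds the NSS database suggested in the quoted reply from per-certificate PEM files. It assumes certutil from libnss3-tools and one CA certificate per `*.pem` file in the source directory (defaulting to /etc/ssl/certs); the function name and the database path passed to it are hypothetical.

```shell
#!/bin/sh
# Added example: build an NSS certificate database from PEM CA files.
# Assumptions: certutil is installed (libnss3-tools); SRCDIR holds one CA
# certificate per *.pem file; DBDIR is a hypothetical path chosen by the caller.

# build_nssdb DBDIR [SRCDIR]
# With DRY_RUN set, the certutil commands are printed instead of executed.
build_nssdb() {
    db=$1
    src=${2:-/etc/ssl/certs}
    run=${DRY_RUN:+echo}

    [ -n "$db" ] || { echo "usage: build_nssdb DBDIR [SRCDIR]" >&2; return 2; }
    mkdir -p "$db" || return 1

    # New, empty database without a password: it only holds public CA certs.
    $run certutil -N -d "$db" --empty-password || return 1

    count=0
    for pem in "$src"/*.pem; do
        [ -f "$pem" ] || continue      # unmatched glob or dangling symlink
        nick=$(basename "$pem" .pem)
        # -A add, -a ASCII (PEM) input, -t "C,," trust as a CA for TLS servers only
        $run certutil -A -d "$db" -n "$nick" -t "C,," -a -i "$pem" || return 1
        count=$((count + 1))
    done

    # A database with no trusted CAs makes every peer verification fail.
    [ "$count" -gt 0 ] || { echo "no *.pem files in $src" >&2; return 1; }
    echo "imported $count certificates into $db" >&2
}
```

Running it first with `DRY_RUN=1` shows the exact certutil invocations; `certutil -L -d DBDIR` lists what ended up in the database.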


