** Tags added: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2016439
Title: Regression finding system certificates Status in curl package in Ubuntu: Triaged Status in curl package in Debian: Fix Released Bug description: [ Clone of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 ] Between 7.88.1-2 and 7.88.1-5, there was a change to where curl with nss looks for loadable libraries: curl (7.88.1-4) unstable; urgency=medium * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: Prepend "/nss/" before the library name. Before the change to the load path, curl could find /lib/x86_64-linux-gnu/libnssckbi.so but not /lib/x86_64-linux-gnu/nss/libnsspem.so, after the change it's the reverse. libnssckbi.so is enough to get a trust root (the mozilla certificate store is compiled inside that library), whereas libnsspem.so (1.0.8+1-1) isn't. This makes it impossible to connect to https servers by default for programs that use curl with NSS. Here is a way to test the regression: debbisect -v --cache=./cache \ --depends=libcurl4-nss-dev,git,pkg-config,libssl-dev,ca-certificates,cargo,nss-plugin-pem,p11-kit-modules,strace \ 20230306T145638Z 20230306T203828Z \ 'chroot "$1" bash -exuc " git clone --depth 1 https://github.com/alexcrichton/curl-rust.git cd curl-rust time cargo fetch time cargo build --offline --example https strace -efile target/debug/examples/https >/dev/null "' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2016439/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
