At 2010-12-09 15:47:21£¬"ÕÅÐ÷·å" <***@126.com> wrote:
Hi All,

I have some problems with curl+nss usage.

Version
--------------
$ curl -V
curl 7.20.0 (i686-target-linux-gnu) libcurl/7.20.0 NSS/3.12.4.5 zlib/1.2.5 libidn/0.6.5
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: IDN IPv6 Largefile SSL libz
---------------
NSS database is in '/etc/pki/nssdb' directory.
When I run certutil, the output is:
$ certutil -L -d /etc/pki/nssdb/
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
I don't know why there is no nickname output.
I also find there is a Makefile in '/usr/lib/ssl/certs' directory, which can be used to generate PEM format CA.
So I run 'make cacert.pem' and it is created.
Lastly when I using curl with this CA:
$ curl --cacert ./cacert.pem -X GET https://bugzilla.redhat.com

Maybe I have used the wrong command, run it as below:
$ curl --cert ./cacert.pem -X GET https://bugzilla.redhat.com
curl: (77) Problem with the SSL CA cert (path? access rights?)

Also fails, need help.

Thanks,
Xufeng Zhang



Segmentation fault

So I'm not sure about how to use curl with nss support efficiently.
Thanks in advance!


Thanks,
Xufeng Zhang





ÍøÒ×163/126ÓÊÏä°Ù·Ö°ÙŒæÈÝiphone ipadÓÊŒþÊÕ·¢

What exactly are you going to do?

What are the problems?
What distribution are you using? Are the packages provided by your distro?
If you have working Firefox, you can try to point curl to its database by
setting $SSL_DIR.
If you are able to repeat the crash with the latest curl/nss, please attach
the certificate that causes the crash. What does the following command say?

$ openssl x509 -in ./cacert.pem -noout -text

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se

Hi Kamil,
Thanks for your reply.
I'm not sure about how to use curl with nss support.
Can't access https:// through CA.
$ uname -a
Linux localhost 2.6.34.7 #1 PREEMPT Mon Dec 6 19:39:02 CST 2010 i686 i686 i386 GNU/Linux

curl+nss is base on cross-compiling building.
Firefox is not installed.
If I have set $SSL_DIR, then how to use it?
$ curl -E -X GET https://bugzilla.redhat.com ?
can't woks.
If use as below, then there is no crash:
$ curl --cert ./cacert.pem -X GET https://bugzilla.redhat.com
curl: (77) Problem with the SSL CA cert (path? access rights?)


$ openssl x509 -in ./cacert.pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=CN, ST=BJ, L=BJ, O=WR, OU=SD
Validity
Not Before: Nov 9 12:19:05 1992 GMT
Not After : Nov 9 12:19:05 1993 GMT
Subject: C=CN, ST=BJ, L=BJ, O=WR, OU=SD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bc:18:8c:af:66:42:ec:9d:a8:27:40:03:98:0a:
fe:8a:30:f2:85:ae:1c:e4:72:ef:33:22:16:0d:12:
20:d9:a3:45:e5:df:ab:c9:8c:3a:54:86:67:ff:c1:
de:98:35:81:85:ba:a5:0c:c7:fd:15:b2:08:e4:07:
64:8d:da:3a:a3:03:0d:c5:12:ec:88:71:6b:8f:64:
17:97:70:13:6f:24:a8:d4:73:6c:85:9f:bb:c9:30:
ee:ff:4d:df:96:77:fa:8e:94:a6:b2:6d:59:d1:ce:
6e:1c:04:b0:e3:b2:76:3a:96:75:3c:6f:18:65:ba:
5a:5b:91:ff:68:ac:00:1c:fd:62:2e:bb:a8:8e:f8:
35:df:1a:58:55:da:8a:f3:8b:d9:db:36:a1:39:8a:
85:47:0d:3c:79:d6:38:ac:b2:e7:00:e1:8f:9f:ac:
67:39:e9:a1:79:7b:ae:c3:f6:5e:01:6f:c4:de:c6:
38:76:c4:cb:b8:41:59:ac:89:ac:1c:ea:68:9d:eb:
a4:da:45:0b:09:6e:70:fe:25:a2:92:f5:41:dd:40:
c2:04:a8:23:f5:88:20:40:27:2e:4b:d3:9b:4e:6c:
45:74:01:51:a0:4c:49:f9:e3:5e:c0:32:b7:45:96:
8f:ba:ca:1e:53:01:87:de:55:b7:28:13:53:14:94:
de:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:28:9D:92:1C:30:F5:9A:EB:A7:D4:7C:30:C5:0E:5C:0F:19:49:C2
X509v3 Authority Key Identifier:
keyid:39:28:9D:92:1C:30:F5:9A:EB:A7:D4:7C:30:C5:0E:5C:0F:19:49:C2

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
04:d7:2a:c2:46:92:a6:64:5a:72:bb:7c:9d:47:77:7d:06:eb:
2b:e3:8a:b0:a6:6f:d4:4f:57:7e:fd:58:78:91:28:f5:b4:8f:
3e:1a:a7:45:57:96:64:ad:d8:b4:d5:cc:22:ac:ef:78:a2:35:
ef:48:f2:58:e5:1f:c7:24:14:0d:08:89:b9:d5:7c:cb:df:17:
15:37:0d:57:ed:d3:cf:2a:f4:df:4f:ec:31:97:dd:af:d3:56:
b4:84:8a:61:5f:3f:44:a6:8d:32:b0:41:c7:2f:9d:e2:09:d1:
26:73:6e:77:91:30:1c:9c:46:4f:42:ad:ef:cf:1d:89:46:15:
04:a6:7c:f3:7f:b8:94:12:4a:4a:a0:07:c6:7d:1a:c8:be:28:
f8:fa:ac:20:80:16:75:61:2b:bd:e0:5a:aa:a7:a6:dd:6a:ae:
34:d3:62:95:79:74:98:8b:2f:22:f2:e1:f2:d3:be:6e:0d:bc:
3e:c2:0b:ed:31:71:1a:16:9f:69:af:f9:79:35:e2:7c:6a:e3:
79:f5:4e:2f:8f:33:24:66:cb:f5:88:d1:e3:c3:56:16:08:b1:
b4:2f:c7:55:38:51:6b:6c:d1:37:16:da:5d:a3:70:e9:34:76:
1e:2d:94:87:49:5f:2f:ae:d8:3d:0b:28:3e:aa:72:1c:8d:1a:
39:48:9f:06


Thanks,
Xufeng Zhang