nss: load libnssckbi.so if no other trust is specified

The module contains a more comprehensive set of trust information than supported by nss-pem, because libnssckbi.so also includes information about distrusted certificates. Reviewed-by: Kai Engert Closes #1414
author: Kamil Dudka <kdudka@redhat.com> 2017-04-10 17:40:30 +0200
committer: Kamil Dudka <kdudka@redhat.com> 2017-04-25 13:24:24 +0200
commit: e3e8d0204b72509cfd63d97a159d1ac3fdea703b (patch)
tree: 7803d08fadd1e54fdb747a3284982c97c4de83ba /docs/libcurl/opts/CURLOPT_CAINFO.3
parent: fab3d1ec650e17fd15cf8b6d4ffa5bfd523501dc (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/libcurl/opts/CURLOPT_CAINFO.3 b/docs/libcurl/opts/CURLOPT_CAINFO.3
index 127b90443..43a4901f0 100644
--- a/docs/libcurl/opts/CURLOPT_CAINFO.3
+++ b/docs/libcurl/opts/CURLOPT_CAINFO.3
@@ -40,6 +40,11 @@ is assumed to be stored, as established at build time.
 
 If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
 (libnsspem.so) needs to be available for this option to work properly.
+Starting with curl-7.55.0, if both \fICURLOPT_CAINFO(3)\fP and
+\fICURLOPT_CAPATH(3)\fP are unset, NSS-linked libcurl tries to load
+libnssckbi.so, which contains a more comprehensive set of trust information
+than supported by nss-pem, because libnssckbi.so also includes information
+about distrusted certificates.
 
 (iOS and macOS only) If curl is built against Secure Transport, then this
 option is supported for backward compatibility with other SSL engines, but it
author	Kamil Dudka <kdudka@redhat.com>	2017-04-10 17:40:30 +0200
committer	Kamil Dudka <kdudka@redhat.com>	2017-04-25 13:24:24 +0200
commit	e3e8d0204b72509cfd63d97a159d1ac3fdea703b (patch)
tree	7803d08fadd1e54fdb747a3284982c97c4de83ba /docs/libcurl/opts/CURLOPT_CAINFO.3
parent	fab3d1ec650e17fd15cf8b6d4ffa5bfd523501dc (diff)