From 8c3f40ee320c419800b97f7ed385c43948970f61 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 18 Sep 2007 22:21:54 +0000 Subject: Rob Crittenden provided an NSS update with the following highlights: o It looks for the NSS database first in the environment variable SSL_DIR, then in /etc/pki/nssdb, then it initializes with no database if neither of those exist. o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be loaded, including the ca-bundle. If it is not available then only certificates already in the NSS database are used. o Tries to detect whether a file or nickname is being passed in so the right thing is done o Added a bit of code to make the output more like the OpenSSL module, including displaying the certificate information when connecting in verbose mode o Improved handling of certificate errors (expired, untrusted, etc) The libnsspem.so PKCS#11 module is currently only available in Fedora 8/rawhide. Work will be done soon to upstream it. The NSS module will work with or without it, all that changes is the source of the certificates and keys. --- docs/curl.1 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'docs/curl.1') diff --git a/docs/curl.1 b/docs/curl.1 index bfa1a7d6f..2b1736998 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -330,7 +330,9 @@ them independently. If curl is built against the NSS SSL library then this option tells curl the nickname of the certificate to use within the NSS database defined -by --cacert. +by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the +NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be +loaded. If this option is used several times, the last one will be used. .IP "--cert-type " 
@@ -352,7 +354,10 @@ The windows version of curl will automatically look for a CA certs file named Current Working Directory, or in any folder along your PATH. If curl is built against the NSS SSL library then this option tells -curl the directory that the NSS certificate database resides in. +curl the nickname of the CA certificate to use within the NSS database +defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb). +If the NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files +may be loaded. If this option is used several times, the last one will be used. .IP "--capath " -- cgit v1.2.3
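Review bot: In the --cert paragraph (hunk @@ -330,7 +330,9 @@), the new text calls the argument a nickname and then says "PEM files may be loaded", but it never says how curl tells a file name from a nickname; the commit message describes this only as "Tries to detect whether a file or nickname is being passed in". Suggest stating the rule in the man page, so a user can predict which certificate is used when a nickname and a file name could be confused. The commit message also lists a third fallback that this paragraph omits: initializing with no database when neither SSL_DIR nor /etc/pki/nssdb exists. It also spells the module once as libnspsem.so, while the hunk uses libnsspem.so.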
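Review bot: In the --cacert paragraph (hunk @@ -352,7 +354,10 @@), the documented meaning of the argument changes from "the directory that the NSS certificate database resides in" to a CA certificate nickname, with no note for users who pass a directory today. Suggest adding a sentence that the database location now comes from SSL_DIR, and saying whether a directory argument is still accepted. Because this option selects the trust anchor, the text should also say what happens when a PEM file is given and libnsspem.so is not available. The commit message says only certificates already in the NSS database are used in that case, and the page should say whether that is reported as an error or happens silently. The added sentences repeat the --cert wording almost verbatim; a single NSS note referenced from both options would keep the two in sync.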