Some users [0] are hitting problems involving NSS: > $ curl https://github.com -v > * Trying 13.236.229.21:443... > * Connected to github.com (13.236.229.21) port 443 (#0) > * Initializing NSS with certpath: none > * WARNING: failed to load NSS PEM library libnsspem.so. Using OpenSSL PEM certificates will not work. > * CAfile: /etc/ssl/certs/ca-certificates.crt > CApath: /etc/ssl/certs >* Closing connection 0 >curl: (77) Problem with the SSL CA cert (path? access rights?) Interestingly, USE="nss -openssl" CURL_SSL="nss" seems to *not* trigger this problem, while USE="nss openssl" CURL_SSL="nss" fails as above unless dev-libs/nss-pem is installed. I assume there's some pkcs12 support provided by openssl which ends up being used, but not sure. The curl docs which say: >If libcurl was built with NSS support, then depending on the OS distribution, it is probably required to take some additional steps to use the system-wide CA cert db. RedHat ships with an additional module, libnsspem.so, which enables NSS to read the OpenSSL PEM CA bundle. On openSUSE you can install p11-kit-nss-trust which makes NSS use the system wide CA certificate store. [0] https://curl.haxx.se/docs/sslcerts.html [0] Forum post: https://forums.gentoo.org/viewtopic-p-8498190.html#8498190 [1] https://curl.haxx.se/docs/sslcerts.html
Note also that some deps like net-libs/liboauth are depending on CURL_SSL="nss" but they should be depending on USE=nss instead, as CURL_SSL just controls the default provider now.
*** This bug has been marked as a duplicate of bug 768912 ***