Summary: | net-misc/curl-7.22.0 is unable to handle some SSL certs correctly (PEM) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Cédric Jeanneret <contact> |
Component: | Current packages | Assignee: | Anthony Basile <blueness> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | angelos, base-system, contact, flameeyes, gregkh, mozilla, pva |
Priority: | Normal | Keywords: | InVCS |
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 380119 | ||
Bug Blocks: |
Description
Cédric Jeanneret
2011-10-18 08:03:56 UTC
Found out what was the problem:

I installed thunderbird-bin, which wants curl use "nss".
"nss" use blocks "gnutls" use...

Solution:
as I don't use thunderbird, I removed it, removed "nss" use from curl, and added "gnutls" instead.

Now my curl is working fine with tls/ssl hosts.

I wonder if you're seeing https://bugzilla.mozilla.org/show_bug.cgi?id=531160 here

*** Bug 389441 has been marked as a duplicate of this bug. ***

perhaps a dupe of bug 380119 ...

(In reply to comment #1)
> Found out what was the problem:
>
> I installed thunderbird-bin, which wants curl use "nss".
> "nss" use blocks "gnutls" use...
>
> Solution:
> as I don't use thunderbird, I removed it, removed "nss" use from curl, and
> added "gnutls" instead.
>
> Now my curl is working fine with tls/ssl hosts.

I just tested this with curl-7.24.0 with the following flags:

USE="ipv6 ldap (multilib) nss ssl static-libs threads -ares -gnutls -idn -kerberos -ssh -test"

Then I removed nss and added gnutls

In both cases, curl -I https://git.kernel.org/ gave

HTTP/1.1 200 OK
Date: Sat, 24 Mar 2012 18:26:36 GMT
Server: Apache/2.2.22 (Fedora)
Content-Type: text/html; charset=utf-8

I wonder if this is related to bug #403619.

(In reply to comment #5)
> (In reply to comment #1)
> > Found out what was the problem:
> >
> > I installed thunderbird-bin, which wants curl use "nss".
> > "nss" use blocks "gnutls" use...
> >
> > Solution:
> > as I don't use thunderbird, I removed it, removed "nss" use from curl, and
> > added "gnutls" instead.
> >
> > Now my curl is working fine with tls/ssl hosts.
>
> I just tested this with curl-7.24.0 with the following flags:
>
> USE="ipv6 ldap (multilib) nss ssl static-libs threads -ares -gnutls -idn
> -kerberos -ssh -test"
>
> Then I removed nss and added gnutls
>
> In both cases, curl -I https://git.kernel.org/ gave
>
> HTTP/1.1 200 OK
> Date: Sat, 24 Mar 2012 18:26:36 GMT
> Server: Apache/2.2.22 (Fedora)
> Content-Type: text/html; charset=utf-8
>
>
> I wonder if this is related to bug #403619.

Your testing is flawed, if you have ssl enabled it will default over nss and gnutls.

(In reply to comment #6)
> Your testing is flawed, if you have ssl enabled it will default over nss and
> gnutls.

Okay USE="-ssl -gnutls nss" hits it:

# curl -I https://git.kernel.org/ --trace -v
curl: (77) Problem with the SSL CA cert (path? access rights?)

Jory, is this a problem in nss?

(In reply to comment #7)
> (In reply to comment #6)
> > Your testing is flawed, if you have ssl enabled it will default over nss and
> > gnutls.
>
> Okay USE="-ssl -gnutls nss" hits it:
>
> # curl -I https://git.kernel.org/ --trace -v
> curl: (77) Problem with the SSL CA cert (path? access rights?)
>
> Jory, is this a problem in nss?

@Anarchy, dev-libs/nss-3.13.3 from the mozilla overlay fixes it. Thanks.

nss-3.13.3_pem.support patch did it. 3.13.4 has support for pem, I will continue to support pem via fedora patches that are appropriate for gentoo.
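
The point raised in comment #6, that an HTTPS test only says something about NSS if curl is really linked against NSS, can be checked before testing. The following is an added example, not part of the bug report: it reads the TLS backend from the first line of `curl --version` and interprets curl's exit status. The function names and the sample version lines (with placeholder library versions) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): confirm which TLS library a curl
# build uses before drawing conclusions from an HTTPS test.

# Print the TLS backend token from the first line of `curl --version`
# output ($1), e.g. "NSS/0.0.0"; print "none" if no known backend is listed.
tls_backend() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        grep -E '^(OpenSSL|NSS|GnuTLS)/' | head -n 1 | grep . || echo none
}

# Map a curl exit status ($2) seen with backend ($1) to a short diagnosis.
# 77 = CA certificate file could not be read (the error in this bug),
# 60 = the CA bundle was read but the peer certificate was not trusted.
diagnose() {
    case "$2" in
        0)  echo "ok" ;;
        77) case "$1" in
                NSS/*) echo "ca-bundle-unreadable: check PEM support in $1" ;;
                *)     echo "ca-bundle-unreadable: check CA path and permissions" ;;
            esac ;;
        60) echo "verification-failed: CA bundle loaded, chain not trusted" ;;
        *)  echo "other: curl exit $2" ;;
    esac
}

# Constructed sample version lines; library versions are placeholders.
SAMPLE_NSS='curl 7.24.0 (x86_64-pc-linux-gnu) libcurl/7.24.0 NSS/0.0.0 zlib/0.0.0'
SAMPLE_OPENSSL='curl 7.24.0 (x86_64-pc-linux-gnu) libcurl/7.24.0 OpenSSL/0.0.0 zlib/0.0.0'

# Live use (needs network, so it is only shown here as a comment):
#   b=$(tls_backend "$(curl --version | head -n 1)")
#   curl -sS -I -o /dev/null https://git.kernel.org/; diagnose "$b" "$?"

# Offline demonstration over the constructed samples.
for line in "$SAMPLE_NSS" "$SAMPLE_OPENSSL"; do
    b=$(tls_backend "$line")
    printf '%s -> exit 77 means: %s\n' "$b" "$(diagnose "$b" 77)"
done
```

If the reported backend is not the one under test, the result says nothing about that backend, whatever the HTTP status was.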