On Jul 28, 2014, at 5:05 PM, Kamil Dudka <kdu...@redhat.com> wrote: > On Monday, July 28, 2014 11:56:46 David Shaw wrote: >> On Jul 28, 2014, at 10:24 AM, Kamil Dudka <kdu...@redhat.com> wrote: >>> On Thursday, July 24, 2014 17:18:25 David Shaw wrote: >>>> Hello, >>>> >>>> A good while back I had some code that needed to use the NSS CAs only >>>> (and >>>> not the PEM ca-bundle file). I did this by symlinking libnssckbi.so into >>>> my nssdb (so NSS would have the CA certs), >>> >>> I am not sure how this is supposed to work. Is it documented anywhere? >> >> It's mentioned here: http://curl.haxx.se/docs/sslcerts.html > > Thanks for the pointer! I was not aware of that. This probably stopped > working because of the following change (which helps to prevent collisions > on NSS initialization/shutdown with other libraries): > > https://github.com/bagder/curl/commit/20cb12db > > NSS_InitContext() internally calls nss_Init() with the noRootInit flag set, > which is intentional I am afraid.
Ah, that clears it up, thanks! I understand why this change was made. I can add some code to handle this case now. David ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
