Tomas Mraz wrote:
We'll have the pem loading working shortly. We had it in nss_compat_ossl, but it didn't get included in curl.On Fri, 2007-08-31 at 11:15 +0200, Tomas Mraz wrote:On Fri, 2007-08-31 at 07:15 +0200, Jindrich Novy wrote:Hi, On Wed, Aug 29, 2007 at 12:07:21AM +0200, Michael Schwendt wrote:On Tue, 28 Aug 2007 17:55:17 -0400, Warren Togami wrote:This afternoon I was attempting to diagnose why clumens' attempts to upload new source tarballs were failing, while it continued to work on my machine and nobody else was complaining. Didn't have time to isolate what exactly broke it, and I don't have a local rawhide install here to do so quickly. Can somebody figure out what changed?Uploads are still done with "curl" afaik. So: * Tue Aug 28 2007 Jindrich Novy <jnovy redhat com> 7.16.4-3 - don't use openssl, use nss insteadYes, it's likely caused by the openssl -> nss switch, more at rhbz#266021.See also workaround in https://bugzilla.redhat.com/show_bug.cgi?id=266021#c3 which requires some changes to the Makefile though.And the changes are here - supposed that the NSS cert db is in ~/.nss, the cert nickname is Fedora and the NSS cert db password is not password protected. Index: Makefile.common =================================================================== RCS file: /cvs/pkgs/common/Makefile.common,v retrieving revision 1.73 diff -u -r1.73 Makefile.common --- Makefile.common 24 Jul 2007 17:10:44 -0000 1.73 +++ Makefile.common 31 Aug 2007 09:25:22 -0000 @@ -192,7 +192,7 @@# we hardwire curl in here because the upload rules are very dependent# on curl's behavior on missing pages, ISEs, etc. -UPLOAD_CERT = $(shell if test -f $(HOME)/.fedora.cert ; then echo " --cert $(HOME)/.fedora.cert" ; fi) +UPLOAD_CERT = $(shell if test -d $(HOME)/.nss ; then echo " --cert Fedora --cacert $(HOME)/.nss" ; else if test -f $(HOME)/.fedora.cert ; then echo " --cert $(HOME)/.fedora.cert" ; fi ; fi) UPLOAD_CHECK = curl -k $(UPLOAD_CERT) --fail --silent UPLOAD_CLIENT = curl -k $(UPLOAD_CERT) --fail --show-error --progress-bar
Longer term we should put the cert in the NSS db as tomas's patch show, that way more than just curl can access the certificate.
Description: S/MIME Cryptographic Signature