Closed
Description
I did this
curl --cert client.crt --key client.crt https://server.that.prompts.for.client.certs.example.com/
where client.crt contains a client certificate, an intermediate certificate, and the corresponding private key.
I expected the following
Successful connection!
I actually got
...
* SSL read: errno -12195 (SSL_ERROR_UNKNOWN_CA_ALERT)
* Peer does not recognize and trust the CA that issued your certificate.
curl/libcurl version
$ curl --version
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.19.1 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz
operating system
$ cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
More details
When I execute the same command, with the same certificates, against a curl/openssl:
curl 7.48.0 (x86_64-apple-darwin13.4.0) libcurl/7.48.0 OpenSSL/1.0.2h zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets
then it successfully connects.
When I execute the same command, with the same version of curl, against a host that has the full CA chain, then it successfully connects.
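When comparing TLS backends on a report like this one, a useful first check is what the combined file passed to both `--cert` and `--key` actually contains. The following is an added example, not part of the original report or of curl; the function names are hypothetical and the sample bundle is constructed from placeholder bytes, not real certificates or keys.

```python
import base64
import re

# One PEM block; the END label must repeat the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)

def inventory(pem_text):
    """Return [(label, decoded_length)] for each PEM block, in file order."""
    blocks = []
    for match in PEM_BLOCK.finditer(pem_text):
        label, body = match.group(1), match.group(2)
        # Drop "Proc-Type:" / "DEK-Info:" headers found in legacy encrypted keys.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        # validate=True raises on a damaged or truncated block.
        blocks.append((label, len(base64.b64decode(b64, validate=True))))
    return blocks

def check_bundle(pem_text):
    """Summarise whether the file has the layout described in the report."""
    labels = [label for label, _ in inventory(pem_text)]
    certs = labels.count("CERTIFICATE")
    keys = sum(1 for l in labels if l.endswith("PRIVATE KEY"))
    return {
        "certificates": certs,
        "private_keys": keys,
        # More than one certificate means the file carries chain certificates.
        "has_chain": certs >= 2,
        # Only checks the first block's type, not which certificate it is.
        "cert_first": bool(labels) and labels[0] == "CERTIFICATE",
        "usable_as_cert_and_key": certs >= 1 and keys == 1,
    }

def _fake_block(label, payload):
    """Build a constructed PEM block around placeholder bytes."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample mirroring the report: certificate, intermediate, key.
SAMPLE = (
    _fake_block("CERTIFICATE", b"constructed leaf")
    + _fake_block("CERTIFICATE", b"constructed intermediate")
    + _fake_block("PRIVATE KEY", b"constructed key")
)

if __name__ == "__main__":
    print(inventory(SAMPLE))
    print(check_bundle(SAMPLE))
```

The check only establishes what is in the file; whether a given TLS backend sends the extra certificates during the handshake has to be confirmed separately, for example from the server side.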