Updated curl packages that fix two bugs are now available for Red Hat Enterprise Linux 6.
The curl packages provide the libcurl library and the cURL command line tool for transferring data using various protocols, including HTTP, FTP, FILE, LDAP, TELNET, TFTP, SCP. Both, libcurl and cURL, support many useful capabilities, such as user authentication, proxy support, FTP uploading, HTTP POST and PUT methods, SSL certificates, and file transfer resume.
Previously, SSL connections could not be established with libcurl if the selected Network Security Services (NSS) database was broken or invalid. This update modifies the code of libcurl to initialize NSS without a valid database, which allows applications to establish SSL connections as expected in this scenario.
The OpenLDAP suite was recently modified to use NSS instead of OpenSSL as the SSL back end. This change led to collisions between libcurl and OpenLDAP on NSS initialization and shutdown. Consequently, applications that were using both, libcurl and OpenLDAP, failed to establish SSL connections. This update modifies libcurl to use the same NSS API as OpenLDAP, which prevents collisions from occurring. Applications using OpenLDAP and libcurl can now connect to the LDAP server over SSL as expected.
All users of curl are advised to upgrade to these updated packages, which fix these bugs. All running applications that use libcurl have to be restarted for this update to take effect.