Unable to perform curl request under chrooted user: Unable to initialize NSS

Created:

2017-02-01 12:11:11 UTC

Modified:

2017-08-16 16:21:14 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Unable to perform curl request under chrooted user: Unable to initialize NSS

Applicable to:

  • Plesk for Linux

Symptoms

The following error is shown while trying to perform curl request to any https service:

# curl -I -v https://api.example.com 
* About to connect() to api.example.com port 443 (#0)
* Trying fe20:2880:f012:1:face:b00c:0:1...
* Connected to api.example.com (fe20:2880:f012:1:face:b00c:0:1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* Unable to initialize NSS
* Closing connection 0
curl: (77) Problem with the SSL CA cert (path? access rights?)

The user has chrooted shell.

Cause

Missing SSL libraries in chrooted environment.

Resolution

Copy the following libraries to your domain's chrooted environment:


# cp /lib64/libsoftokn3.so /var/www/vhosts/example.com/usr/lib64/
# cp /usr/lib64/libsqlite3.so.0 /var/www/vhosts/example.com/usr/lib64/
# cp /usr/lib64/libsqlite3.so.0.8.6 /var/www/vhosts/example.com/usr/lib64/
# cp /usr/lib64/libfreeblpriv3.so /var/www/vhosts/example.com/usr/lib64/

If the issue persists, copy strace utility to chrooted user and find what libraries are missing in an environment:

# cp /usr/bin/strace /var/www/vhosts/example.com/usr/bin/
# su chrooted_user
# strace curl -I -v https://api.example.com

Have more questions? Submit a request
Please sign in to leave a comment.