|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #76388 CURLOPT_SSLKEYPASSWD is not supported when curl is compiled with NSS
Submitted: 2018-05-29 10:00 UTC Modified: 2019-01-02 00:49 UTC
Avg. Score:4.4 ± 0.8
Reproduced:5 of 5 (100.0%)
Same Version:3 (60.0%)
Same OS:2 (40.0%)
From: samuel dot chemla at orange dot com Assigned:
Status: Open Package: cURL related
PHP Version: 7.2.6 OS: linux rhel
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: samuel dot chemla at orange dot com
New email:
PHP Version: OS:


 [2018-05-29 10:00 UTC] samuel dot chemla at orange dot com
Making a request with curl and a client certificate won't work if the client certificate key is ciphered.

Curl will generate an error:
curl error (58): unable to load client key: -8178 (SEC_ERROR_BAD_KEY) 

It seems this is due to curl compiled with NSS because with curl compiled with openssl it works

If this is correct please could you update the documentation to warn about this?

Test script:
curl_setopt($ch, CURLOPT_SSLCERT,       "<path to client PEM cert>");
curl_setopt($ch, CURLOPT_SSLKEY,        "<path to client PEM key>");
curl_setopt($ch, CURLOPT_SSLKEYPASSWD,  "password");

Expected result:
The client certificate should be presented to remote

Actual result:
If the private key begins with:
--> it will work

If it begins with:
--> it will generate "curl error (58): unable to load client key: -8178 (SEC_ERROR_BAD_KEY)"


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2019-01-02 00:49 UTC]
-Package: Documentation problem +Package: cURL related
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Thu Oct 01 03:01:22 2020 UTC