--- curl-7.19.6/lib/nss.c 2009-09-30 15:29:35.965297742 +0200
+++ /tmp/nss.c 2009-09-30 15:23:05.000000000 +0200
@@ -63,6 +63,7 @@
 #include
 #include
 #include
+#include
 #include "curl_memory.h"
 #include "rawstr.h"
@@ -265,7 +266,7 @@ static int num_enabled_ciphers(void)
 */
 static int is_file(const char *filename)
 {
- struct stat st;
+ struct_stat st;
 if(filename == NULL)
 return 0;
@@ -963,26 +964,38 @@ CURLcode Curl_nss_connect(struct connect
 /* FIXME. NSS doesn't support multiple databases open at the same time. */
 PR_Lock(nss_initlock);
 if(!initialized) {
+ struct_stat st;
- certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */
+ /* First we check if $SSL_DIR points to a valid dir */
+ certDir = getenv("SSL_DIR");
+ if(certDir) {
+ if((stat(certDir, &st) != 0) ||
+ (!S_ISDIR(st.st_mode))) {
+ certDir = NULL;
+ }
+ }
+ /* Now we check if the default location is a valid dir */
 if(!certDir) {
- struct stat st;
-
- if(stat(SSL_DIR, &st) == 0)
- if(S_ISDIR(st.st_mode)) {
- certDir = (char *)SSL_DIR;
- }
+ if((stat(SSL_DIR, &st) == 0) &&
+ (S_ISDIR(st.st_mode))) {
+ certDir = (char *)SSL_DIR;
+ }
 }
 if (!NSS_IsInitialized()) {
 initialized = 1;
+ infof(conn->data, "Initializing NSS with certpath: %s\n",
+ certDir ? certDir : "none");
 if(!certDir) {
 rv = NSS_NoDB_Init(NULL);
 }
 else {
- rv = NSS_Initialize(certDir, NULL, NULL, "secmod.db",
- NSS_INIT_READONLY);
+ char *certpath = PR_smprintf("%s%s",
+ NSS_VersionCheck("3.12.0") ? "sql:" : "",
+ certDir);
+ rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
+ PR_smprintf_free(certpath);
 }
 if(rv != SECSuccess) {
 infof(conn->data, "Unable to initialize NSS database\n");
@@ -1103,7 +1116,7 @@ CURLcode Curl_nss_connect(struct connect
 }
 }
 else if(data->set.ssl.CApath) {
- struct stat st;
+ struct_stat st;
 PRDir *dir;
 PRDirEntry *entry;
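Review bot: `PR_smprintf` returns NULL when its allocation fails, and in the `@@ -963,26 +964,38 @@` hunk `certpath` goes straight into `NSS_Initialize` without a check; guard it so the existing `rv != SECSuccess` branch handles the failure, e.g. `if(!certpath) rv = SECFailure; else { rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY); PR_smprintf_free(certpath); }`. Separately, a `$SSL_DIR` that is set but fails the `stat`/`S_ISDIR` test is now discarded silently and the compiled-in `SSL_DIR` (or no database at all) is used instead, so the set of trusted certificates can differ from what the caller configured without any error. The new `infof` line reports the path finally chosen, but an explicit message at the point where `certDir = NULL;` is assigned, stating that the environment value was ignored, would make that fallback auditable. The body of Curl_nss_connect starts and ends outside this hunk.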
@@ -1282,7 +1295,7 @@ int Curl_nss_send(struct connectdata *co
 int rc;
 if(data->set.timeout)
- timeout = PR_MillisecondsToInterval(data->set.timeout);
+ timeout = PR_MillisecondsToInterval((PRUint32)data->set.timeout);
 else
 timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
@@ -1318,7 +1331,7 @@ ssize_t Curl_nss_recv(struct connectdata
 PRInt32 timeout;
 if(data->set.timeout)
- timeout = PR_SecondsToInterval(data->set.timeout);
+ timeout = PR_SecondsToInterval((PRUint32)data->set.timeout);
 else
 timeout = PR_MillisecondsToInterval(DEFAULT_CONNECT_TIMEOUT);
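Review bot: In the Curl_nss_recv hunk the changed line still converts `data->set.timeout` with `PR_SecondsToInterval`, while Curl_nss_send and both `DEFAULT_CONNECT_TIMEOUT` branches use `PR_MillisecondsToInterval`. If the option is held in milliseconds, as the send path implies, the receive timeout ends up a thousand times longer than requested and the line should read `timeout = PR_MillisecondsToInterval((PRUint32)data->set.timeout);`. The `(PRUint32)` cast added in both hunks silences the conversion warning, but a negative or out-of-range value would wrap into a very large interval instead of being rejected. The field's declaration is not visible here, so a range check before the cast is worth confirming against its type. Both function bodies continue outside the hunks.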