LibreOffice CMIS server connection feature suffered a severe disease since the begining: it was not able to connect to servers using HTTPS. First a workaround was added for invalid certificates, but the problem also existed for valid ones as described by fdo#72277.

After several months of inactivity, I finally managed to grab enough courage to dive into curl and NSS. From 4.3.1, LibreOffice built with internal curl library, will be able to use the mozilla certificates database to validate CMIS connections.

For those wanting to know the gore details, LibreOffice internal curl library is built with NSS support. To read the certificates database, curl needs to find libnssckbi: so NSSInitializer UNO service was here to do that job. But using that service is not enought: curl doesn't know how to read the PKCS certificates stored in the database... and needs libnsspem to do that. After some digging, I uncovered it on fedorahosted and added it as a patch to LibreOffice internal NSS library.

Thanks Caolan and Michael Stahl for pointing me to the right direction to fix that one.