Bug 1431358

Summary: [RFE] Switch curl to OpenSSL as TLS backend
Product: [Fedora] Fedora
Reporter: Igor Gnatenko <ignatenko>
Component: curl
Assignee: Kamil Dudka <kdudka>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: kdudka, paul
Last Closed: 2017-03-13 13:13:36 UTC
Type: Bug

Description Igor Gnatenko 2017-03-11 15:16:38 UTC
At this moment, in the minimal container of Fedora we have 3 crypto libraries: NSS, OpenSSL and GnuTLS. This definitely doesn't help the container to be minimal.

RPM got support for OpenSSL and will be switched in upcoming release. This means, NSS is needed only for curl and openldap.

Comment 1 Kamil Dudka 2017-03-13 13:13:36 UTC
No switch will happen.  Fedora/RHEL developers and users of curl, including RHEL customers, have invested a lot of resources to make everything work smoothly on top of NSS.  We are not going to throw it away and start over with OpenSSL just to satisfy your short-term goal.

Note there is already a request to switch to GnuTLS, instead, for other reasons:

    bug #1219544 comment #10

If you need to make the minimal installation more minimal, there are other ways to achieve it.  Switching TLS backends back and forth would waste resources for nothing.