1431358 – [RFE] Switch curl to OpenSSL as TLS backend

Bug 1431358 - [RFE] Switch curl to OpenSSL as TLS backend

Summary: [RFE] Switch curl to OpenSSL as TLS backend

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	curl
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Kamil Dudka
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-03-11 15:16 UTC by Igor Gnatenko
Modified:	2017-03-13 13:13 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2017-03-13 13:13:36 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1390624	0	unspecified	CLOSED	RFC: Switch to OpenSSL for rpm	2021-02-22 00:41:40 UTC

Internal Links: 1390624

Description Igor Gnatenko 2017-03-11 15:16:38 UTC

At this moment, in minimal container of Fedora we have 3 crypto libraries: NSS, OpenSSL and GnuTLS. This definitely doesn't help container to be minimal.

RPM got support for OpenSSL and will be switched in upcoming release. This means, NSS is needed only for curl and openldap.

Comment 1 Kamil Dudka 2017-03-13 13:13:36 UTC

No switch will happen.  Fedora/RHEL developers and users of curl, including RHEL customers, have invested a lot of resources to make everything work smoothly on top of NSS.  We are not going to throw it away and start over with OpenSSL just to satisfy your short-term goal.

Note there is already a request to switch to GnuTLS, instead, for other reasons:

    bug #1219544 comment #10

If you need to make the minimal installation more minimal, there are other ways to achieve it.  Switching TLS backends back and forth would waste resources for nothing.

Note You need to log in before you can comment on or make changes to this bug.