< Changes
Switch libcurl back to OpenSSL
Summary
libcurl in Fedora currently uses the NSS (Network Security Services) library for TLS and cryptography. After implementing this change, libcurl will use OpenSSL instead of NSS.
Owner
- Name: Kamil Dudka
- Email: kdudka@redhat.com
- Release notes owner: N/A
- FESCo shepherd: N/A
- Product: Fedora
- Responsible WG: kdudka
Current status
- Targeted release: Fedora 27
- Last updated: 2017-04-06
- Tracker bug: <will be assigned by the Wrangler>
Detailed Description
In order to make even smaller Fedora base images, it was proposed to switch libcurl back to OpenSSL. The Fedora Crypto Consolidation project, which motivated the switch of libcurl from OpenSSL to NSS ten years ago, is now deprecated and libcurl is the only package that pulls NSS as its dependency into the Fedora base image. Hence, by switching libcurl back to OpenSSL, we could create Fedora base image that contains fewer crypto libraries inside.
Benefit to Fedora
Smaller base image, fewer cpryto libraries inside.
Scope
- Proposal owners: kdudka
- Other developers: psabata, ignatenko, sgallagh
- Release engineering: unaffected
- Policies and guidelines: unaffected
- Trademark approval: not needed
Upgrade/compatibility impact
- Firefox certificate database can no longer be used by (lib)curl-based applications.
- Existing certificate databases need to be dumped to files to be used by (lib)curl.
How To Test
N/A (not a System Wide Change)
User Experience
N/A (not a System Wide Change)
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
- Blocks product? product
Documentation
N/A (not a System Wide Change)