Switch libcurl to use libssh instead of libssh2
libcurl currently uses libssh2 to implement the SSH layer of SCP and SFTP protocols. After implementing this change, libcurl will use the libssh library instead.
- Name: Kamil Dudka
- Email: firstname.lastname@example.org
- Release notes ticket: #112
- FESCo shepherd: N/A
- Product: Fedora
- Responsible WG: kdudka
- Targeted release: Fedora 28
- Last updated: 2018-03-02
- Tracker bug: #1531483
libcurl currently uses libssh2 to implement the SSH layer of SCP and SFTP protocols. The libssh2 library uses outdated crypto algorithms and lacks important features like GSS-API authentication. After implementing this change, libcurl will use the libssh library instead, which is now more secure, feature-complete, and with more active upstream community.
Benefit to Fedora
- More secure and feature-complete implementation of SCP and SFTP in (lib)curl.
- Fewer system-critical crypto libraries to maintain.
- Proposal owners: kdudka (will switch the SSH library in the curl package once it is supported upstream)
- Other developers: nmav (currently working on the related pull-request with curl upstream)
- Release engineering: No action from release engineering is needed for this change (libcurl ABI is kept), releng review requested at https://pagure.io/releng/issue/7193
- Policies and guidelines: unaffected
- Trademark approval: not needed
- This change will mainly affect applications and libraries which use implementation of the SCP or SFTP protocols in (lib)curl.
How To Test
All direct and indirect dependencies of libcurl should be tested.
Unless the change reveals bugs elsewhere, users will not know about it.
anaconda, dracut, etc.
- Contingency mechanism: switch libcurl back to libssh2
- Contingency deadline: Fedora 28 Beta freeze
- Blocks release? No.
- Blocks product? No.
Needless to document.
We can mention the new features (stronger crypto, GSS-API auth) in case they work as expected.