Control: forwarded 1038912 https://github.com/libreswan/libreswan/issues/1202
On Fri 2023-06-23 00:49:24 +0100, Samuel Henrique wrote: > This package build-depends on the NSS variant of libcurl "libcurl4-nss-dev". > > Curl's upstream announced support for NSS is going to be dropped in August > 2023: > https://curl.se/dev/deprecate.html#nss Thanks for the heads-up on this, Samuel. As i wrote over at https://github.com/libreswan/libreswan/issues/1202: AFAICT, libreswan currently uses curl only for fetching CRLs over HTTPS in the pluto daemon, entirely in programs/pluto/fetch.c. Since libreswan depends on libnss, of course it is reasonable to depend on the NSS variant of curl. But as of next month that won't be a supported configuration. If we build pluto against the OpenSSL or GnuTLS variant of curl, then pluto will depend on two different cryptography libraries (NSS directly, and whatever libcurl transitively depends on). That's unsightly and a bit bloaty, but probably still functional. Alternately, maybe there's some other HTTP client library that libreswan wants to move to that can support NSS as a crypto backend? If i hear nothing from upstream, i'll probably try switching debian's libreswan package to use libcurl-gnutls-dev. Happy to hear other recommendations if other people want to offer them. --dkg
signature.asc
Description: PGP signature
