build2-packaging/curl

Add libmbedtls as an alternative to OpenSSL


From @zachhilman:

So you may have noticed that I published mbedtls recently. This was because we are planning on dropping openssl as a dependency. However, we have three downstream dependencies which use openssl: libcurl, hiredis, and libpq. For hiredis and libpq, we were just going to make ports (i.e. libhiredis-mbedtls and libpq-mbedtls) and publish as separate packages, but libcurl natively supports mbedtls. I developed a .diff file against the curl repository for build2, which adds config options to set the TLS backend as well as enable zstd/brotli (not super necessary, but it was easy enough). Please let me know if this is the right way to accomplish this and if the patch needs anything else. I tested locally and it seemed to work with the basics test and the cli. It would also require zstd and libmbedtls out of the queue; if those packages need anything, lmk.

@karen-arutyunov

diff --git a/libcurl/manifest b/libcurl/manifest
index 34e6ca5..194e020 100644
--- a/libcurl/manifest
+++ b/libcurl/manifest
@@ -19,3 +19,6 @@ depends: * bpkg >= 0.13.0
 depends: libz ^1.2.1100
 depends: libcrypto ^1.1.1
 depends: libssl ^1.1.1
+depends: libmbedtls ^3.1.0
+depends: libbrotli ^1.0.9
+depends: zstd ^1.5.1
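
Review bot: the three added `depends:` lines are unconditional and sit alongside the existing `libcrypto` and `libssl` entries, so every consumer of libcurl would pull in OpenSSL and mbedTLS together, which keeps OpenSSL in the dependency set and widens the TLS code that has to be tracked for updates instead of narrowing it. Each backend's dependencies should be tied to the backend actually selected, and `libbrotli` and `zstd` should only be required when those compression options are enabled. Also, the last entry is `zstd` while every other library dependency in this hunk carries the `lib` prefix; please confirm that this is the intended package name.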

We definitely don't want to depend on both openssl and mbedtls. The good news is that in the upcoming 0.15.0 we have support for conditional dependencies (and dependency configuration). We should probably handle this using these features and wait to publish until 0.15.0 is out (current estimate is in about a month). In the meantime, we can publish the packages to https://queue.stage.build2.org