Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Has the time come to drop NSS?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 28 Jan 2022 08:56:33 +0100 (CET)
Hello,
This morning we got a fresh issue [1] filed that involves the NSS library.
When I started to investigate this I ran a few google searches for some of the
invovled functions in NSS, such as PR_Recv, only to realize that there just is
no documentation for this to be found online anymore - anywhere. At least my
searches fell short. (Which made me file [2])
This is not in itself an alarming situation for us right now, since we can
still just use it like before, but to be this is a very clear sign that the
NSS team doesn't even bother anymore. To me, this is a clear sign they've
stopped caring and a message for us to reconsider if leaning on this leg is a
good idea for our users. Going forward into the mist with no map is not the
future I want.
Is it time to drop support for NSS?
I don't think any distribution is shipping curl build with NSS by default
anymore. I know there still are users of it, like the issue that triggered me
into this shows, but I think most users can be transitioned over to other TLS
backends.
Maybe we should set a date, maybe late 2022 and if things are still as
grim-looking in NSS-land as today we then say goodbye?
[1] = https://github.com/curl/curl/issues/8341
[2] = https://github.com/mdn/content/issues/12471
Date: Fri, 28 Jan 2022 08:56:33 +0100 (CET)
Hello,
This morning we got a fresh issue [1] filed that involves the NSS library.
When I started to investigate this I ran a few google searches for some of the
invovled functions in NSS, such as PR_Recv, only to realize that there just is
no documentation for this to be found online anymore - anywhere. At least my
searches fell short. (Which made me file [2])
This is not in itself an alarming situation for us right now, since we can
still just use it like before, but to be this is a very clear sign that the
NSS team doesn't even bother anymore. To me, this is a clear sign they've
stopped caring and a message for us to reconsider if leaning on this leg is a
good idea for our users. Going forward into the mist with no map is not the
future I want.
Is it time to drop support for NSS?
I don't think any distribution is shipping curl build with NSS by default
anymore. I know there still are users of it, like the issue that triggered me
into this shows, but I think most users can be transitioned over to other TLS
backends.
Maybe we should set a date, maybe late 2022 and if things are still as
grim-looking in NSS-land as today we then say goodbye?
[1] = https://github.com/curl/curl/issues/8341
[2] = https://github.com/mdn/content/issues/12471
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2022-01-28