Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Has the time come to drop NSS?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Howard Chu via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 28 Jan 2022 15:07:22 +0000
Daniel Stenberg via curl-library wrote:
> Hello,
>
> This morning we got a fresh issue [1] filed that involves the NSS library.
>
> When I started to investigate this I ran a few google searches for some of the invovled functions in NSS, such as PR_Recv, only to realize that there just is no
> documentation for this to be found online anymore - anywhere. At least my searches fell short. (Which made me file [2])
PR_Recv is part of NSPR, Netscape Portability Runtime. Technically a separate entity from NSS, used by it and other Mozilla code.
> This is not in itself an alarming situation for us right now, since we can still just use it like before, but to be this is a very clear sign that the NSS team
> doesn't even bother anymore. To me, this is a clear sign they've stopped caring and a message for us to reconsider if leaning on this leg is a good idea for our
> users. Going forward into the mist with no map is not the future I want.
>
> Is it time to drop support for NSS?
I'd say yes. The only reason it still existed was because of RedHat's misguided attempt to make it their base system security
library, which they have long since abandoned. OpenLDAP dropped support of it recently as well.
>
> I don't think any distribution is shipping curl build with NSS by default anymore. I know there still are users of it, like the issue that triggered me into
> this shows, but I think most users can be transitioned over to other TLS backends.
>
> Maybe we should set a date, maybe late 2022 and if things are still as grim-looking in NSS-land as today we then say goodbye?
>
> [1] = https://github.com/curl/curl/issues/8341
> [2] = https://github.com/mdn/content/issues/12471
>
Date: Fri, 28 Jan 2022 15:07:22 +0000
Daniel Stenberg via curl-library wrote:
> Hello,
>
> This morning we got a fresh issue [1] filed that involves the NSS library.
>
> When I started to investigate this I ran a few google searches for some of the invovled functions in NSS, such as PR_Recv, only to realize that there just is no
> documentation for this to be found online anymore - anywhere. At least my searches fell short. (Which made me file [2])
PR_Recv is part of NSPR, Netscape Portability Runtime. Technically a separate entity from NSS, used by it and other Mozilla code.
> This is not in itself an alarming situation for us right now, since we can still just use it like before, but to be this is a very clear sign that the NSS team
> doesn't even bother anymore. To me, this is a clear sign they've stopped caring and a message for us to reconsider if leaning on this leg is a good idea for our
> users. Going forward into the mist with no map is not the future I want.
>
> Is it time to drop support for NSS?
I'd say yes. The only reason it still existed was because of RedHat's misguided attempt to make it their base system security
library, which they have long since abandoned. OpenLDAP dropped support of it recently as well.
>
> I don't think any distribution is shipping curl build with NSS by default anymore. I know there still are users of it, like the issue that triggered me into
> this shows, but I think most users can be transitioned over to other TLS backends.
>
> Maybe we should set a date, maybe late 2022 and if things are still as grim-looking in NSS-land as today we then say goodbye?
>
> [1] = https://github.com/curl/curl/issues/8341
> [2] = https://github.com/mdn/content/issues/12471
>
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2022-01-28