OpenSSL 3.0.0 released

Posted Sep 8, 2021 8:46 UTC (Wed) by NAR (subscriber, #1313)
Parent article: OpenSSL 3.0.0 released

> Other major new features
> [...]
> A proper HTTP(S) client

I understand that the openssl library needs an HTTP(S) client to check weather a certificate has been withdrawn. What I don't understand is why they carry their own implementation instead of using a library like libcurl. Do they want to avoid any external dependency? Or there isn't an HTTP client that works on all platforms that openssl supports? Or there's a chicken-and-egg problem, open source HTTP clients tend to depend on openssl?



OpenSSL 3.0.0 released

Posted Sep 8, 2021 10:23 UTC (Wed) by grawity (subscriber, #80596) [Link] (1 responses)

I suspect dependencies may be the reason, and not just circular dependencies on openssl (but that's certainly a headache for packagers too).

If you look through lddtree, it turns out libcurl links against a whole lot of stuff you might not necessarily want to have loaded into your address space (not saying harmful, but more like memory usage, symbol conflicts, and stuff like that). I guess libfetch etc. would be lighter but also not as readily available.

But yes, it reminds me of Pidgin (the IM client), which at some point removed well over a dozen hand-rolled HTTP clients from its codebase...

OpenSSL 3.0.0 released

Posted Sep 8, 2021 21:14 UTC (Wed) by JanC_ (guest, #34940) [Link]

And libcurl itself also implements a lot of protocols other than just HTTP(S), so it’s not only the dependencies that can be considered “too much”…

OpenSSL 3.0.0 released

Posted Sep 8, 2021 15:51 UTC (Wed) by ballombe (subscriber, #9523) [Link] (3 responses)

> I understand that the openssl library needs an HTTP(S) client to check weather

Indeed, as everybody else.

OpenSSL 3.0.0 released

Posted Sep 9, 2021 13:42 UTC (Thu) by amw (subscriber, #29081) [Link] (2 responses)

I just look out of the window :-)

OpenSSL 3.0.0 released

Posted Sep 10, 2021 4:26 UTC (Fri) by calumapplepie (guest, #143655) [Link] (1 responses)

HTTPSS is what I recommend to all my friends: all communication is done via smoke signal.

OpenSSL 3.0.0 released

Posted Sep 10, 2021 15:57 UTC (Fri) by KJ7RRV (subscriber, #153595) [Link]

For added security, I recommend HTTPSSS. Unencrypted smoke signals are quite simple to intercept.

