Update libcurl and migrate/update polarssl to mbedtls (same library, new maintenance) #59
Comments
|
Yeah, I think there are two things we should do:
BTW
😄 |
|
I'll make an attempt again. It was such an easy task once I looked at it because nothing else required polarssl other than libcurl that I got sidetracked and tried to learn fancy cmake last night and went down a 🐇 🕳️ |
|
Related to this, a build of mbedTLS was added some time ago on the |
|
Yeah I would like to use the current version for both if they work. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I think this should be expanded to a proper update and full test by @ps3dev/developers because we are super behind on libcurl and polarssl ->mbedtls, which is a security concern depending on what an end user does with the libraries we provide. I am almost sure most of us developers find it pertinent to remove sticks from the paths of less security focused and/or less experienced developers by not building insecure versions of curl and ssl libraries for extended periods of time. Leaving the older versions as an option for BC I can understand,
for when older software just will not build with updated versions (that those downstream applications should also just be updated is another discussion, let's control what we can) but as the default I am feeling a sense of responsibility.
As this is a substantial change, I think I will convert this comment to an issue so we can discuss and maybe I'll create a PR/branch and just start working on it. This is going to go fairly deep with dependency, because practically everything uses libcurl or ssl in some way these days lol.
At the same time, the --no-check-certificate is fairly obsolete today, since the advent of free valid ssl certificates from letsencrypt.
Originally posted by @miigotu in #58 (comment)
The text was updated successfully, but these errors were encountered: