Re: GNUTLS now a hard requirement for -base?

[Richard Frith-Macdonald]

On 19 May 2012, at 22:01, Ivan Vučica wrote:

> Hi all,
> 
> looks like GNUTLS is now a *hard* requirement for -base? Documentation -- 
> that is, the INSTALL file shipping with -base -- still states openssl is an 
> optional install, and doesn't mention GNUTLS in any way.

It's a standard requirement for basic functionality ... and base is now 
consistent in that it won't build without core functionality unless you 
explicitly ask it to (which you can still do).
The idea is that it should be possible for other libraries/apps to depend on 
the features of any normal copy of base, rather than having problems with base 
supporting different subsets of the standard APIs on different platforms.
 
> I do see that I can add --disable-tls, but shouldn't that be done 
> automatically? I understand the reasons why one may want to force users to 
> explicitly add this, nonetheless that was not the practice with OpenSSL.

The use of OpenSSL and GNUTLS in base do not overlap.
The OpenSSL code simply doesn't support the current APIs (NSStream and the 
modern URL/HTTPS classes) whether you enable it or not.

> Would --disable-tls also disable the use of OpenSSL?

No, but having OpenSSL does not get you what you might think ... it gives HTTPS 
support in the old NSURLHandle API that Apple deprecated some time back.

That *is* currently still of some value, because the main GNUTLS code supports 
the current APIs but not the deprecated one ... hopefully in the next release 
I'll have found time to have even the deprecated API supported (though that's 
not been a high priority for me).