test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }rustls")
fi
+OPT_NSS_AWARE=no
+AC_ARG_WITH(nss-deprecated,dnl
+AS_HELP_STRING([--with-nss-deprecated],[confirm you realize NSS is going away]),
+ if test X"$withval" != Xno; then
+ OPT_NSS_AWARE=$withval
+ fi
+)
+
OPT_NSS=no
AC_ARG_WITH(nss,dnl
AS_HELP_STRING([--with-nss=PATH],[where to look for NSS, PATH points to the installation root]),
OPT_NSS=$withval
if test X"$withval" != Xno; then
- test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }NSS")
+
+ if test X"$OPT_NSS_AWARE" = "Xno" ; then
+ AC_MSG_ERROR([NSS use must be confirmed using --with-nss-deprecated. NSS support will be dropped from curl in August 2022. See docs/DEPRECATE.md])
+ fi
+
+ test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }NSS"
fi
+)
dnl If no TLS choice has been made, check if it was explicitly disabled or
dnl error out to force the user to decide.
as soon as possible and explain to us why this is a problem for you and
how your use case cannot be satisfied properly using a workaround.
-## Past removals
+## NSS
+
+We remove support for building curl with the NSS TLS library in August 2022.
+
+- There are very few users left who use curl+NSS
+- NSS has very few users outside of curl as well (primarily Firefox)
+- NSS is harder than ever to find documentation for
+- NSS was always "best" used with Red Hat Linux when they provided additional
+ features on top of the regular NSS that isn't shipped by the vanilla library
+
+Starting in 7.82.0, building curl to use NSS configure requires the additional
+flag --with-nss-deprecated in an attempt to highlight these plans.
+
+## past removals
- Pipelining
- axTLS
projects / thirdparty / curl.git / commitdiff
