For version 7.17.1 of curl, curl-7.17.1.ebuild gives precedence to gnutls. For example, if the user has USE="gnutls ssl nss", then gnutls is selected for the SSL implementation because of the following piece of code in the ebuild:

    if use gnutls; then
        myconf="${myconf} --without-ssl --with-gnutls --without-nss"
    elif use nss; then
        myconf="${myconf} --without-ssl --without-gnutls --with-nss"
    elif use ssl; then
        myconf="${myconf} --without-gnutls --without-nss --with-ssl"
    else
        myconf="${myconf} --without-gnutls --without-nss --without-ssl"
    fi

If you select gnutls for the SSL implementation, then curl-config --protocols reports the following:

    HTTP FTP FILE TELNET LDAP DICT TFTP

Note it does not support HTTPS or FTPS. I don't know if it *really* means that curl does not support HTTPS or FTPS. However, if you give precedence to ssl rather than gnutls, then curl-config --protocols will report:

    HTTP HTTPS FTP FTPS FILE TELNET LDAP DICT TFTP

because it chooses openssl over gnutls for the SSL implementation.

I came to notice this problem after I upgraded and my previous application failed to log on to a secure webserver using curl. It repeatedly failed, saying: "A TLS packet with unexpected length was received". Googling led me to this page: http://osdir.com/ml/network.lftp.user/2005-11/msg00006.html

I also found some other mailing lists which state that gnutls is relatively less mature compared to openssl for SSL implementation.

The issue only arises when users enable both the ssl and gnutls USE flags. One way around it would be to replace the above code snippet as follows:

    if use ssl; then
        myconf="${myconf} --without-gnutls --without-nss --with-ssl"
    elif use gnutls; then
        myconf="${myconf} --without-ssl --without-nss --with-gnutls"
    elif use nss; then
        myconf="${myconf} --without-ssl --without-gnutls --with-nss"
    else
        myconf="${myconf} --without-gnutls --without-nss --without-ssl"
    fi

You might also have to make other changes in the ebuild.

thanks,
xalan

Reproducible: Always

Steps to Reproduce:
1. See description

Actual Results:
See description
Well, I'd say the ebuild should die and tell user to pick one instead of guessing what he wants - but that's been disliked by our QA. :|
FTPS and HTTPS are both supported with GnuTLS as well; that's a curl-config bug fixed in current CVS (and thus to appear in the upcoming 7.18.0).
For the moment I'm not willing to suddenly change behaviour. As Daniel mentioned, this is really a curl-config problem (I'll be adding 7.18.1 soon). I note there are some ebuilds starting to use an openssl USE flag. Once its popularity increases a bit more, I'll start using it and developing a transition so people know what they are building.
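The backend selection discussed in the report and the ambiguity raised in the first reply can be modelled outside Portage. The following is an added example, not code from the ebuild or from curl; the function names (has_flag, pick_backend, count_backends, report) are hypothetical and the USE strings are constructed sample input.

```shell
#!/bin/sh
# Added example; not part of curl-7.17.1.ebuild. Function names are hypothetical.

# has_flag FLAG "FLAGS...": true if FLAG is a whole word in the flag list,
# so a disabled flag written as "-ssl" does not count as "ssl".
has_flag() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# pick_backend "ORDER" "FLAGS": echo the first backend in ORDER that is
# enabled in FLAGS, or "none". This mirrors an if/elif chain tested in ORDER.
pick_backend() {
    for backend in $1; do
        if has_flag "$backend" "$2"; then
            echo "$backend"
            return 0
        fi
    done
    echo "none"
}

# count_backends "FLAGS": number of TLS backend flags enabled at once.
count_backends() {
    n=0
    for backend in gnutls nss ssl; do
        if has_flag "$backend" "$1"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# report "FLAGS": show what each ordering builds and flag ambiguous input.
report() {
    echo "USE=\"$1\""
    echo "  7.17.1 order   -> $(pick_backend 'gnutls nss ssl' "$1")"
    echo "  proposed order -> $(pick_backend 'ssl gnutls nss' "$1")"
    if [ "$(count_backends "$1")" -gt 1 ]; then
        echo "  ambiguous: more than one TLS backend flag is set"
        return 1
    fi
}

# Constructed sample inputs.
report "gnutls ssl nss" || true
report "ssl ldap"
```

With more than one backend flag set, the two orderings build different TLS libraries from the same USE string, which is why the running binary's backend is worth confirming after an upgrade.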