On Sun, 13 Apr 2025 at 11:58:57 +0100, Samuel Henrique wrote:
> Based on the replies to https://mastodon.social/@bagder/114329630276196304,
> where there was some uncertainty around where the issue comes from, I figured I
> should clarify it here:
> git on Debian ends up indirectly linked to OpenSSL through the following:
> git -> libcurl-gnutls -> libldap -> libssl
> The openldap package switched to linking to OpenSSL in January this year (2025)
> for Debian unstable.

openldap is not the only relevant dependency chain. There is also at least:
git -> libcurl3t64-gnutls -> libgssapi-krb5-2 -> libkrb5-3 -> libssl3t64
and
git -> libcurl3t64-gnutls -> libssh2-1t64 -> libssl3t64
(in the case of at least libssh2-1t64 it's for OpenSSL's lower-level
libcrypto library rather than the actual libssl, but Debian packages
those two libraries together in the libssl3t64 package, and as far as I
know they are both under the same license).

> This means it's impossible to have a GnuTLS build of libcurl with ldap support
> without also pulling OpenSSL transitively.

As a result of the other dependency chains, no amount of changing openldap
would be sufficient to resolve this on its own.
smcv
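
Added example, not part of the message above: a small path enumeration over the three chains quoted in this thread, showing which removals still leave git reaching the OpenSSL package. The edge table is constructed from those chains only, and it assumes that "libcurl-gnutls" and "libssl" in the first chain are the same packages as libcurl3t64-gnutls and libssl3t64 in the other two; the function names are hypothetical.

```python
# Constructed dependency edges, copied from the three chains in this thread.
# Assumption: libcurl-gnutls == libcurl3t64-gnutls and libssl == libssl3t64.
# This is not a full Debian dependency graph.
EDGES = {
    "git": ["libcurl3t64-gnutls"],
    "libcurl3t64-gnutls": ["libldap", "libgssapi-krb5-2", "libssh2-1t64"],
    "libldap": ["libssl3t64"],
    "libgssapi-krb5-2": ["libkrb5-3"],
    "libkrb5-3": ["libssl3t64"],
    "libssh2-1t64": ["libssl3t64"],
}


def chains(edges, src, dst, removed=frozenset()):
    """Return every simple dependency path src -> dst, skipping removed packages."""
    found = []
    stack = [(src, (src,))]
    while stack:
        node, path = stack.pop()
        if node == dst:
            found.append(list(path))
            continue
        for dep in edges.get(node, ()):
            # Skip packages we pretend were re-linked, and avoid cycles.
            if dep not in removed and dep not in path:
                stack.append((dep, path + (dep,)))
    return sorted(found)


def still_pulls(edges, src, dst, removed):
    """True if src still reaches dst after dropping the given packages."""
    return bool(chains(edges, src, dst, frozenset(removed)))


def single_points(edges, src, dst):
    """Intermediate packages whose removal alone breaks every chain."""
    middle = {pkg for path in chains(edges, src, dst) for pkg in path[1:-1]}
    return sorted(p for p in middle if not still_pulls(edges, src, dst, {p}))


if __name__ == "__main__":
    for path in chains(EDGES, "git", "libssl3t64"):
        print(" -> ".join(path))
    print("after dropping libldap:", still_pulls(EDGES, "git", "libssl3t64", {"libldap"}))
    print("single points:", single_points(EDGES, "git", "libssl3t64"))
```

On a real system the edge table would be built from the package metadata rather than typed in by hand.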