(How) Does Composer support https communication via SSL libraries other than OpenSSL? #11676
-
|
It looks to me like Composer flat out refuses to download from https URLs unless PHP's OpenSSL extension is enabled. Question for Composer maintainers: do you recall any support requests from people who want to use some other SSL library (e.g., NSS), and have compiled their CURL libraries accordingly, and don't have PHP's OpenSSL extension enabled but still have a system capable of making https requests through CURL? And if so, how have you handled those situations? This question is coming up for Drupal in https://www.drupal.org/project/drupal/issues/3364565#comment-15254160. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Nope, nobody has ever asked as far as I can remember. FWIW, we do rely on openssl_* functions directly for CA bundle verification (in composer/ca-bundle), as well as in self-update to verify the phar file signature. |
Beta Was this translation helpful? Give feedback.
Nope, nobody has ever asked as far as I can remember.
FWIW, we do rely on openssl_* functions directly for CA bundle verification (in composer/ca-bundle), as well as in self-update to verify the phar file signature.