Making cabal-install SSL capable

Thomas Tuegel ttuegel at
Tue Apr 28 11:56:04 UTC 2015

On Tue, Apr 28, 2015 at 3:21 AM, Michael Snoyman <michael at> wrote:
> I have no intention of playing the "minimal dependency" game (though I don't
> mind dropping data-default, which accounts for 6 of the dependencies listed
> there). I will point out- as Gershom already did- that in many cases it's
> likely easier to install a few extra Haskell packages than it is to pull in
> OpenSSL as a dependency, especially on Windows. (And that's ignoring the
> fact that http-client-openssl exists.)

Considering users with cabal-install already, that many dependencies
is only a small maintenance problem. Bootstrapping will not be a small

Gershom also pointed out the availability, on most platforms, of
utilities which already provide HTTP support. That route seems to be
the shortest distance between the problem and a solution.

> As a historical point of interest, I originally wrote http-client (or, as it
> was called at the time, http-enumerator) because I was trying to add OpenID
> support to an application, and the openid package[1] had done exactly what
> you've described: add HsOpenSSL to the HTTP package. I could never get a
> single connection to work with that combination. But maybe a brand new
> approach at writing that code will work.

This report is yet another reason to disfavor HsOpenSSL. We already
know it will add to installation difficulties. To that I will add:
Gershom questioned the trustworthiness of tls, but do we really trust
OpenSSL either?

Do we know anything about the usability of the HTTP+tls combination?

Thomas Tuegel

More information about the cabal-devel mailing list