Debian considers switching curl to use libssh instead of libssh2

[Daniel Stenberg]

On Fri, 31 Dec 2021, Andreas Schneider wrote:

> * Use only crypto from a FIPS certified library (e.g. OpenSSL).
>  libssh2 doesn't do that yet.

When libssh2 uses OpenSSL for crypto, what else does libssh2 use for crypto 
then that makes it not adhere?

> * Zero sensitive data before freeing it

I don't think that's a FIPS requirement?

BTW, libssh2 can also build with wolfSSL, which is FIPS ready.

-- 

  / daniel.haxx.se