<div dir="ltr"><div>Cheers,</div><div><br></div><div>> Not really sure why anybody would want nss.
</div><div><br></div><div>Historically, I believe the choice of OpenSSL vs NSS was mostly about licensing (different OSes accept/avoid different things), and the two code paths in NUT might be not fully on par with each other at the moment (PRs welcome if that is the case). They are also configured different due to format and location of the trust stores.</div><div><br></div><div>By default, if either is present in the build environment, NUT builds with its support (effectively `--with-ssl=auto`); preferring openssl if both are present. In auto mode, the build would also not fail if neither is available (conversely, if you as a packager specify a requirement and it can not be fulfilled in the given build environment, the build configuration should fail and you need to specify something else).</div><div><br></div><div>With NUT v2.8.x, you can see the explicit
build settings (check for enable/disable of ssl variants) when starting NUT programs in debug mode, including a help or version listing, e.g. a random state from my build VM:</div><div><br></div><div>:; upsd -DV<br>Network UPS Tools upsd 2.8.3.523.8-531+gec8a57f76 (development iteration after 2.8.3)<br> 0.000000 [D1] Network UPS Tools version 2.8.3.523.8-531+gec8a57f76 (development iteration after 2.8.3), 64-bit build for x86_64, built with gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0 and configured with flags: --enable-configure-debug PKG_CONFIG_PATH=/home/jim/nut/tmp/lib/pkgconfig:/usr/local/lib/x86_64-linux-gnu/pkgconfig:/usr/local/lib/pkgconfig:/usr/local/share/pkgconfig:/usr/lib/x86_64-linux-gnu/pkgconfig:/usr/lib/pkgconfig:/usr/share/pkgconfig CFLAGS='-I/home/jim/nut/tmp/include ' CPPFLAGS='-I/home/jim/nut/tmp/include ' CXXFLAGS='-I/home/jim/nut/tmp/include ' LDFLAGS='-L/home/jim/nut/tmp/lib ' --enable-keep_nut_report_feature --prefix=/home/jim/nut/tmp --sysconfdir=/home/jim/nut/tmp/etc/nut --with-udev-dir=/home/jim/nut/tmp/etc/udev --with-devd-dir=/home/jim/nut/tmp/etc/devd --with-hotplug-dir=/home/jim/nut/tmp/etc/hotplug --enable-docs-man-for-progs-built-only=no --enable-check-NIT --with-nut_monitor=force --with-pynut=auto --with-nut-scanner=auto --with-nutconf=auto --with-doc=skip --disable-spellcheck --with-all=auto --with-cgi=yes CC=/usr/lib/ccache/gcc CXX=/usr/lib/ccache/g++ CPP='gcc -E' --enable-warnings=auto --enable-Werror=auto --enable-Wcolor --without-all --without-ssl --with-serial=auto --without-usb</div><div><br></div><div>So, back to original questions:</div><div><br></div><div>> Is a custom compile required?</div><div><br></div><div>Probably not - but best check with the installed package, or its recipe - in case of Debian, at <a href="https://salsa.debian.org/debian/nut/-/blob/debian/debian/rules">https://salsa.debian.org/debian/nut/-/blob/debian/debian/rules</a> (note it is recently under development to update the released version, thanks Laurent!) which currently specifies `<code>--with-ssl --with-nss</code>`.</div><div><br></div><div>You might also want a custom compile to use the other SSL option that your distro packaging did not pick.</div><div><br></div><div>> If so, would the default configure settings with exception of
--with-openssl be the same as Debian repo?</div><div><br></div><div>See above :)</div><div><br></div><div>Hope this helps,</div><div>Jim Klimov</div><div><br></div><div><br></div><div><br></div><div><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, Jul 3, 2025 at 2:39 AM Greg Troxel via Nut-upsuser <<a href="mailto:nut-upsuser@alioth-lists.debian.net">nut-upsuser@alioth-lists.debian.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Also, I would say that if a packager omitted openssl from a nut build, I<br>
would find that very surprising. openssl is pretty much mandatory on<br>
any system for other reasons; it's not like skipping QT which is<br>
enormous and something many servers don't need. If a packager does<br>
want to omit openssl, I'd like to hear the rationale (because I'd learn<br>
something).<br>
<br>
_______________________________________________<br>
Nut-upsuser mailing list<br>
<a href="mailto:Nut-upsuser@alioth-lists.debian.net" target="_blank">Nut-upsuser@alioth-lists.debian.net</a><br>
<a href="https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser" rel="noreferrer" target="_blank">https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser</a><br>
</blockquote></div>