On Tue, Apr 28, 2015 at 3:21 AM, Michael Snoyman
I have no intention of playing the "minimal dependency" game (though I don't mind dropping data-default, which accounts for 6 of the dependencies listed there). I will point out- as Gershom already did- that in many cases it's likely easier to install a few extra Haskell packages than it is to pull in OpenSSL as a dependency, especially on Windows. (And that's ignoring the fact that http-client-openssl exists.)
Considering users with cabal-install already, that many dependencies is only a small maintenance problem. Bootstrapping will not be a small problem. Gershom also pointed out the availability, on most platforms, of utilities which already provide HTTP support. That route seems to be the shortest distance between the problem and a solution.
As a historical point of interest, I originally wrote http-client (or, as it was called at the time, http-enumerator) because I was trying to add OpenID support to an application, and the openid package[1] had done exactly what you've described: add HsOpenSSL to the HTTP package. I could never get a single connection to work with that combination. But maybe a brand new approach at writing that code will work.
This report is yet another reason to disfavor HsOpenSSL. We already know it will add to installation difficulties. To that I will add: Gershom questioned the trustworthiness of tls, but do we really trust OpenSSL either? Do we know anything about the usability of the HTTP+tls combination? -- Thomas Tuegel