lftp: use openssl instead of gnutls

fixes lftp failing to verify sites secured with letsencrypt.

- more specifically, lftp doesn't validate the cross-signed ISRG Root X1 correctly[1][2].
- this issue is not present when built against openssl.
- a fix for the gnutls codepath has been merged[3], but the project has not seen a release since 2020.
- given this, and the questionable quality of gnutls, it seems reasonable to build with openssl instead.

reproducing this bug yields the following:

> Fatal error: Certificate verification: Not trusted (93:3C:6D:DE:E9:5C:9C:41:A4:0F:9F:50:49:3D:82:BE:03:AD:87:BF)

[1]: https://askubuntu.com/questions/1366456/lftp-certificate-suddenly-not-trusted#comment2395548_1366818
[2]: https://github.com/lavv17/lftp/issues/641
[3]: https://github.com/lavv17/lftp/pull/642

Change-Id: Ib161d8741f6d6debde8a65d94a6c1965b23f82ff
2023-07-28 21:33:44 +02:00
parent c3462e2da3
commit 0f80873aa4


@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl, gnutls, pkg-config, readline, zlib, libidn2, gmp, libiconv, libunistring, gettext }:
{ lib, stdenv, fetchurl, openssl, pkg-config, readline, zlib, libidn2, gmp, libiconv, libunistring, gettext }:
stdenv.mkDerivation rec {
pname = "lftp";
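Review bot: the reason for dropping `gnutls` from the argument set lives only in the commit message; a one-line comment above the input set pointing at lavv17/lftp#641 (the cross-signed ISRG Root X1 verification failure) would tell the next maintainer why this package must not be switched back to gnutls until a release containing lavv17/lftp#642 exists.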
@ -14,11 +14,12 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkg-config ];
buildInputs = [ gnutls readline zlib libidn2 gmp libiconv libunistring gettext ];
buildInputs = [ openssl readline zlib libidn2 gmp libiconv libunistring gettext ];
hardeningDisable = lib.optional stdenv.isDarwin "format";
configureFlags = [
"--with-openssl"
"--with-readline=${readline.dev}"
"--with-zlib=${zlib.dev}"
"--without-expat"
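Review bot: `--with-openssl` is passed bare while the neighbouring flags give explicit dev-output paths (`"--with-readline=${readline.dev}"`, `"--with-zlib=${zlib.dev}"`); if lftp's configure accepts a path for this option, `"--with-openssl=${openssl.dev}"` would keep the flags consistent and make the link against the nixpkgs openssl explicit rather than relying on pkg-config discovery. Since this hunk changes the TLS backend, and with it the certificate verification path the commit message says was broken, a check that lftp now verifies a Let's Encrypt-chained site (the `Certificate verification: Not trusted` case quoted above) would be the natural confirmation that the switch actually fixes the reported failure.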