develooper Front page | perl.perl5.porters | Postings from May 2021

https "out of the box" on Win32 (was Re: PSC #021 2021-05-21)

Thread Previous | Thread Next
From:
Nicholas Clark
Date:
May 25, 2021 05:44
Subject:
https "out of the box" on Win32 (was Re: PSC #021 2021-05-21)
Message ID:
20210525054344.GF16703@etla.org
On Tue, May 25, 2021 at 03:21:13PM +1000, Tony Cook wrote:
> On Sun, May 23, 2021 at 03:30:24PM +0100, Neil Bowers wrote:
> > Rik suggested that in this day and age Perl should really handle
>   https, so we talked about that. Step 1 would be for Configure to
>   notice that you've got openssl installed, so we could install
>   Net::SSLeay for you. Even better would be if we could have
>   IO::Socket::SSL included as well, so HTTP::Tiny could do https "out
>   of the box". Possible 3rd step might be bundling openssl/libressl,
>   but one step at a time. We'll talk about this some more.
> 
> I suspect on Win32 it would be simpler to use Win32::Internet (or
> something that wraps the same APIs), of course there would need to be
> another wrapper that selects that on Win32 and HTTP::Tiny otherwise.

I wasn't aware of this. CPAN Testers is full of orange*
http://matrix.cpantesters.org/?dist=Win32-Internet+0.087
but think that that is only because the module has no tests

> Another option would be an IO::Socket::SSL compatible wrapper around
> the Win32 crypto API, but this would be a lot more effort.

That sounds like a lot more work than your suggestion above.
This is also writing C code on Win32, whereas the alternative is Perl code.

> Either has the advantage that it uses the Windows certificate store,
> which I think is more likely to be kept up to date than other sources.

I wasn't aware that Windows did it this way. However, I have been bitten
by certificates (or lack of them) on Linux, and how to get the current
sets on older OSes without rolling a whole bunch of stuff yourself.
So using the official store seems like the best way to make this actually
work, instead of just being "marketing compatible with https".

Nicholas Clark

* a colour which normally would please acme

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About