develooper Front page | perl.perl5.porters | Postings from November 2021

Re: Pre-RFC: support https out-of-the-box

Thread Previous | Thread Next
From:
Tomasz Konojacki
Date:
November 24, 2021 02:31
Subject:
Re: Pre-RFC: support https out-of-the-box
Message ID:
20211124033053.9DEA.5C4F47F8@xenu.pl
On Tue, 23 Nov 2021 17:55:28 +0000
Neil Bowers <neilb@neilb.org> wrote:

> When you install Perl, although it comes with HTTP::Tiny, it doesn't support https because HTTP::Tiny requires IO::Socket::SSL (which isn’t bundled with Perl). This means that CPAN.pm and other tools can't make https mandatory, as when bootstrapping a new box you'll typically install perl then run cpan to first install Net::SSLeay and IO::Socket::SSL.
> 
> I think we should make Perl support https "out of the box", so that CPAN.pm could make https mandatory, and other modules could then support https while relying only on core modules.
> 
> One approach is to bundle Net::SSLeay and IO::Socket::SSL, but I don't know if that's the best / right solution?
> 
> One problem with bundling these modules is that we are then committed to ensuring that they work on all supported platforms / configurations. Is it ok to support https out-of-the-box on some supported platforms but not all of them? I think so.

We have a few optional core modules with external dependencies. For
example, we don't build DB_File when BerkeleyDB isn't installed. I think
it would be acceptable to do the same with the SSL modules.

In the future we might want to extend IO::Socket::SSL with additional
non-OpenSSL backends (e.g. pure-perl, SChannel for Windows), but that
shouldn't block its inclusion in core.


Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About