develooper Front page | perl.perl5.porters | Postings from December 2021

Re: Pre-RFC: support https out-of-the-box

Thread Previous | Thread Next
From:
Yuki Kimoto
Date:
December 2, 2021 01:08
Subject:
Re: Pre-RFC: support https out-of-the-box
Message ID:
CAExogxMWSQ8+23fR7hmcTgu6bX68pA8xzNxuSur2-i5MuWCX7Q@mail.gmail.com
2021-11-24 2:55 Neil Bowers <neilb@neilb.org> wrote:

> When you install Perl, although it comes with HTTP::Tiny, it doesn't
> support https because HTTP::Tiny requires IO::Socket::SSL (which isn’t
> bundled with Perl). This means that CPAN.pm and other tools can't make
> https mandatory, as when bootstrapping a new box you'll typically install
> perl then run cpan to first install Net::SSLeay and IO::Socket::SSL.
>
> I think we should make Perl support https "out of the box", so that
> CPAN.pm could make https mandatory, and other modules could then support
> https while relying only on core modules.
>
> One approach is to bundle Net::SSLeay and IO::Socket::SSL, but I don't
> know if that's the best / right solution?
>
> One problem with bundling these modules is that we are then committed to
> ensuring that they work on all supported platforms / configurations. Is it
> ok to support https out-of-the-box on some supported platforms but not all
> of them? I think so.
>
> Neil
>

 I have a question about technical matters.

Net::SSLeay is a Perl binding of the OpenSSL library.

Normally, we can install Net::SSLeay only if the OpenSSL library is already
installed and the tests of Net::SSLeay are successful.

Suppose the Perl core contains Net::SSLeay.

In this case, Net::SSLeay is already installed without the OpenSSL library
and the tests of Net::SSLeay are not yet done.

How do we test for correctness of behavior of Net::SSLeay?

Do we need a conversation with the OpenSSL developers?

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About