2021-11-24 2:55 Neil Bowers <neilb@neilb.org> wrote: > When you install Perl, although it comes with HTTP::Tiny, it doesn't > support https because HTTP::Tiny requires IO::Socket::SSL (which isnât > bundled with Perl). This means that CPAN.pm and other tools can't make > https mandatory, as when bootstrapping a new box you'll typically install > perl then run cpan to first install Net::SSLeay and IO::Socket::SSL. > > I think we should make Perl support https "out of the box", so that > CPAN.pm could make https mandatory, and other modules could then support > https while relying only on core modules. > > One approach is to bundle Net::SSLeay and IO::Socket::SSL, but I don't > know if that's the best / right solution? > > One problem with bundling these modules is that we are then committed to > ensuring that they work on all supported platforms / configurations. Is it > ok to support https out-of-the-box on some supported platforms but not all > of them? I think so. > > Neil > I have a question about technical matters. Net::SSLeay is a Perl binding of the OpenSSL library. Normally, we can install Net::SSLeay only if the OpenSSL library is already installed and the tests of Net::SSLeay are successful. Suppose the Perl core contains Net::SSLeay. In this case, Net::SSLeay is already installed without the OpenSSL library and the tests of Net::SSLeay are not yet done. How do we test for correctness of behavior of Net::SSLeay? Do we need a conversation with the OpenSSL developers?Thread Previous | Thread Next