Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box

* Martijn Lievaart <m@rtij.nl> [2021-12-03 17:35:17 +0100]:

> Op 03-12-2021 om 17:13 schreef Tomasz Konojacki:
> > On Fri, 3 Dec 2021 12:41:08 +0100
> > Salvador Fandino <sfandino@gmail.com> wrote:
> > 
> > > In this regard, and in the context of just bootstrapping a CPAN client, I think that using standalone TLS/HTTPS clients should be also considered.
> > > 
> > > Getting Net::SSLeay to compile against OpenSSL (or any other SSL client library) can be pretty difficult, but just wrapping something like "openssl s_client" command is mostly trivial. "socat", "curl" or "wget" are other options.
> > CPAN.pm already uses wget or curl when IO::Socket::SSL isn't available
> > and a https mirror was requested.
> > 
> 
> In that case, a major reason for getting ssl in core went away, and it is
> indeed just one of the features we may or may not add, like the csv support
> I requested.

cpanm uses http by default, though during the recent root CA letsencrypt-alypse 
I ran into this issue described here (and closed with workaround):

> 'need option to pass option to "don't verify SSL" to underlying download method (wget, curl, _lwp_)'
> https://github.com/miyagawa/cpanminus/issues/634

And while I do support a existing tools-based approach, this is not going to
be 100% foolproof since we're dealing with many realms outside of just the
perl domain.

Lastly, if we're going to rely on a tool that is not universially installed (not
even wget or curl is this reliably installed), our final logical backstop will
remain being the easiest way to get things on a computer, i.e., the native
package manager. Unfortunately in this case, I can't see how perl can be able
to accomplish this in a vacuum; so we may wish to consider diligence on the upstream
end to track what perl related stuff is: a) provided in a "base" (including "min")
install and b) whats available in the package manager.

Cheers,
Brett

> 
> 
> HTH,
> 
> M4
> 
> 

-- 
--
oodler@cpan.org
oodler577@sdf-eu.org
SDF-EU Public Access UNIX System - http://sdfeu.org
irc.perl.org #openmp #pdl #native

• Pre-RFC: support https out-of-the-box by Neil Bowers
• Re: Pre-RFC: support https out-of-the-box by Wesley Schwengle via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by Yuki Kimoto
• Re: Pre-RFC: support https out-of-the-box by Tomasz Konojacki
• Re: Pre-RFC: support https out-of-the-box by Paul "LeoNerd" Evans
• Re: Pre-RFC: support https out-of-the-box by Sergey Aleynikov
• Re: Pre-RFC: support https out-of-the-box by Oodler 577 via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by Elvin Aslanov
• Re: Pre-RFC: support https out-of-the-box by Ovid via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by Dan Book
• Re: Pre-RFC: support https out-of-the-box by Martijn Lievaart
• Re: Pre-RFC: support https out-of-the-box by Neil Bowers
• Re: Pre-RFC: support https out-of-the-box by Oodler 577 via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by gregor herrmann
• Re: Pre-RFC: support https out-of-the-box by Elvin Aslanov
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Elvin Aslanov
• Re: Pre-RFC: support https out-of-the-box by Alexander Hartmaier
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Darren Duncan
• Re: Pre-RFC: support https out-of-the-box by Alberto Simões
• Re: Pre-RFC: support https out-of-the-box by Martijn Lievaart
• Re: Pre-RFC: support https out-of-the-box by Oodler 577 via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Alexander Hartmaier
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Arne Johannessen
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Yuki Kimoto
• Re: Pre-RFC: support https out-of-the-box by Ricardo Signes
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• mbedTLS WAS Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: mbedTLS WAS Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Darren Duncan
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Tomasz Konojacki
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Martijn Lievaart
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Oodler 577 via perl5-porters
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Yuki Kimoto
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Felipe Gasper
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Oodler 577 via perl5-porters
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Paul "LeoNerd" Evans
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Yuki Kimoto
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Nicholas Clark
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Tomasz Konojacki
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Elvin Aslanov
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Tomasz Konojacki
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Tomasz Konojacki
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Andrew Hewus Fresh
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Nicholas Clark
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Martijn Lievaart
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Oodler 577 via perl5-porters
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Martijn Lievaart
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Tom Molesworth via perl5-porters
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Nicholas Clark
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Felipe Gasper
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Emmanuel Seyman
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Andrew Hewus Fresh
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by James E Keenan
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Paul "LeoNerd" Evans
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Michiel Beijen
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Michiel Beijen
• Re: Pre-RFC: support https out-of-the-box by Yuki Kimoto
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Yuki Kimoto