develooper Front page | perl.perl5.porters | Postings from December 2021

Win32::HttpGetFile (Re: OpenSSL alternative support WAS Re: Pre-RFC:support httpsout-of-the-box)

Craig A. Berry
December 17, 2021 23:36
Win32::HttpGetFile (Re: OpenSSL alternative support WAS Re: Pre-RFC:support httpsout-of-the-box)
Message ID:
On Fri, Dec 10, 2021 at 3:30 PM Craig A. Berry <> wrote:
> On Fri, Dec 10, 2021 at 12:51 PM Nicholas Clark <> wrote:

> > I don't think that bundling Win32::API is a great idea, but a minimal XS
> > module to wrap what we need does feel like a win here. There doesn't seem
> > to be one on CPAN (yet).
> The functions in here:
> seem to consist mostly of random things people needed to bootstrap
> other things.  Arguably we now need a Win32::URLDownloadToFile() to
> bootstrap something.  Or maybe Win32::InternetReadFile()[1]. If it's
> killing a sacred cow to put something else in Win32.xs, someone should
> speak up.
> > Not only am I not competent to write such a thing, I can't even volunteer
> > to have a go at something like "Markov chains and a regression test", as
> > I don't have access to anything Win32 to try it out.
> Damn.  I have access so I have no excuses :-).  Well, other than only
> ever having dealt with the Win32 API in Visual Basic, and that a very
> long time ago.  Let me see how much trouble I can get myself into.

Quite a bit, it turns out.  I've submitted a solution upstream:

I looked at the docs for URLDownloadToFile and InternetReadFile and
they both had a deprecation smell emanating from them.  Or at least
the doc pages I landed on said things about the documentation no
longer being maintained.  It may be these things will be around
forever, but I ended up using the WinHttp library, which has been
around since Windows XP and looks to be very much maintained.  It
involved 8 or 10 different API calls (I lost count).

It's fairly easy to demonstrate that the new function successfully
downloads (via https) a tarball whose checksum matches the same
tarball downloaded with a web browser.  It is rather harder to
demonstrate that it has no memory leaks, no security issues, and
correctly handles all unexpected error conditions.  But, I did make an
effort to chase down all the details I could think of.  Feel free to
chime in on the GitHub PR if you have questions, concerns, or are able
to do independent testing. Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About