On 6/13/22 17:11, Neil Bowers wrote: > options: > 1. bundle modules, look for openssl (and poss other libs) > 2. bundle an SSL lib and modules such as Mbed TLS, WolfSSL > 3. Go with Curl, as it can work with a range of SSL libraries > 4. work with various SSL programs (wget, curl, etc) > 5. anything else? > > I suspect that the path of least resistance right now is to take > the first option: > - dual-life Net::SSLeay, IO::Socket::SSL, and Mozilla::CA > - Configure would look for OpenSSL or LibreSSL > - presumably it would have to make sure it's a recent enough version > - possibly refuse to proceed with certain versions that are now > known to have serious security issues > - cope with a later version of OpenSSL that's incompatible > > We'd have to approach the current maintainers of those modules to > see if they're happy for them to be bundle, explaining the implications. +1 for this approach, it keeps the ball rolling. I would like to add that the Docker perl image now supports HTTPS by default and also ships with cpm. Cheers, Wesley -- Wesley SchwengleThread Previous | Thread Next