develooper Front page | perl.perl5.porters | Postings from June 2022

Re: Pre-RFC: support https out-of-the-box

Thread Previous | Thread Next
From:
Wesley Schwengle via perl5-porters
Date:
June 14, 2022 14:19
Subject:
Re: Pre-RFC: support https out-of-the-box
Message ID:
89f6be9d-bffd-db47-d10a-f08c1b1618ee@protonmail.com
On 6/13/22 17:11, Neil Bowers wrote:
> options:
>    1. bundle modules, look for openssl (and poss other libs)
>    2. bundle an SSL lib and modules such as Mbed TLS, WolfSSL
>    3. Go with Curl, as it can work with a range of SSL libraries
>    4. work with various SSL programs (wget, curl, etc)
>    5. anything else?
>
> I suspect that the path of least resistance right now is to take
> the first option:
>    - dual-life Net::SSLeay, IO::Socket::SSL, and Mozilla::CA
>    - Configure would look for OpenSSL or LibreSSL
>    - presumably it would have to make sure it's a recent enough version
>    - possibly refuse to proceed with certain versions that are now
>    known to have serious security issues
>    - cope with a later version of OpenSSL that's incompatible
>
> We'd have to approach the current maintainers of those modules to
> see if they're happy for them to be bundle, explaining the implications.

+1 for this approach, it keeps the ball rolling.


I would like to add that the Docker perl image now supports HTTPS by
default and also ships with cpm.

Cheers,
Wesley


--
Wesley Schwengle



Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About