Re: Pre-RFC: support https out-of-the-box

> On Jun 15, 2022, at 18:22, Craig A. Berry <craig.a.berry@gmail.com> wrote:
> 
> On Wed, Jun 15, 2022 at 2:23 AM Alexander Hartmaier
> <alex.hartmaier@gmail.com> wrote:
>> 
>> On Tue, Jun 14, 2022 at 6:18 PM Elvin Aslanov <rwp.primary@gmail.com> wrote:
>>> 
>>> yeah but `cpan Mozilla::CA` isn't hard to do to update the module and it won't break with newer Perl versions as well since it's just plaintext non-code certificates bundle
>> 
>> 
>> I'd prefer if the stack used the OS trusted CAs by default instead of having its own list.
>> This should only be the default and overrideable for private CA use-cases.
> 
> But that is a *massively* more difficult portability problem than just
> "where do I find OpenSSL or LibreSSL?".  Do you know where the OS
> trusted CAs are for every platform and distribution on which Perl
> runs? Or if there even is such a thing as an "OS trusted CA" on all of
> them?  Or what format they are in?  Or whether they even exist on the
> filesystem or are in some proprietary data store?

Clarification: by “OS-trusted CAs” I believe Alexander refers specifically to OpenSSL’s roots, which are easily discoverable via the mechanism I mentioned earlier in this thread.

The idea is: if there’s OpenSSL, use it; if not, no out-of-the-box TLS.

-FG

• Pre-RFC: support https out-of-the-box by Neil Bowers
• Re: Pre-RFC: support https out-of-the-box by Wesley Schwengle via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by Yuki Kimoto
• Re: Pre-RFC: support https out-of-the-box by Tomasz Konojacki
• Re: Pre-RFC: support https out-of-the-box by Paul "LeoNerd" Evans
• Re: Pre-RFC: support https out-of-the-box by Sergey Aleynikov
• Re: Pre-RFC: support https out-of-the-box by Oodler 577 via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by Elvin Aslanov
• Re: Pre-RFC: support https out-of-the-box by Ovid via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by Dan Book
• Re: Pre-RFC: support https out-of-the-box by Martijn Lievaart
• Re: Pre-RFC: support https out-of-the-box by Neil Bowers
• Re: Pre-RFC: support https out-of-the-box by Oodler 577 via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by gregor herrmann
• Re: Pre-RFC: support https out-of-the-box by Elvin Aslanov
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Elvin Aslanov
• Re: Pre-RFC: support https out-of-the-box by Alexander Hartmaier
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Darren Duncan
• Re: Pre-RFC: support https out-of-the-box by Alberto Simões
• Re: Pre-RFC: support https out-of-the-box by Martijn Lievaart
• Re: Pre-RFC: support https out-of-the-box by Oodler 577 via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Alexander Hartmaier
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Arne Johannessen
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Yuki Kimoto
• Re: Pre-RFC: support https out-of-the-box by Ricardo Signes
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• mbedTLS WAS Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: mbedTLS WAS Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Darren Duncan
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Tomasz Konojacki
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Martijn Lievaart
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Oodler 577 via perl5-porters
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Yuki Kimoto
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Felipe Gasper
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Oodler 577 via perl5-porters
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Paul "LeoNerd" Evans
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Yuki Kimoto
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Nicholas Clark
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Tomasz Konojacki
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Elvin Aslanov
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Tomasz Konojacki
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Tomasz Konojacki
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Andrew Hewus Fresh
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Nicholas Clark
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Martijn Lievaart
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Oodler 577 via perl5-porters
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Martijn Lievaart
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Tom Molesworth via perl5-porters
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Nicholas Clark
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Felipe Gasper
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Emmanuel Seyman
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Andrew Hewus Fresh
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by James E Keenan
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Paul "LeoNerd" Evans
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Michiel Beijen
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Michiel Beijen
• Re: Pre-RFC: support https out-of-the-box by Yuki Kimoto
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Yuki Kimoto