develooper Front page | perl.perl5.porters | Postings from June 2022

Re: Pre-RFC: support https out-of-the-box

Thread Previous | Thread Next
Felipe Gasper
June 16, 2022 00:38
Re: Pre-RFC: support https out-of-the-box
Message ID:

> On Jun 15, 2022, at 18:22, Craig A. Berry <> wrote:
> On Wed, Jun 15, 2022 at 2:23 AM Alexander Hartmaier
> <> wrote:
>> On Tue, Jun 14, 2022 at 6:18 PM Elvin Aslanov <> wrote:
>>> yeah but `cpan Mozilla::CA` isn't hard to do to update the module and it won't break with newer Perl versions as well since it's just plaintext non-code certificates bundle
>> I'd prefer if the stack used the OS trusted CAs by default instead of having its own list.
>> This should only be the default and overrideable for private CA use-cases.
> But that is a *massively* more difficult portability problem than just
> "where do I find OpenSSL or LibreSSL?".  Do you know where the OS
> trusted CAs are for every platform and distribution on which Perl
> runs? Or if there even is such a thing as an "OS trusted CA" on all of
> them?  Or what format they are in?  Or whether they even exist on the
> filesystem or are in some proprietary data store?

Clarification: by “OS-trusted CAs” I believe Alexander refers specifically to OpenSSL’s roots, which are easily discoverable via the mechanism I mentioned earlier in this thread.

The idea is: if there’s OpenSSL, use it; if not, no out-of-the-box TLS.


Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About