develooper Front page | perl.perl5.porters | Postings from June 2022

Re: Pre-RFC: support https out-of-the-box

Thread Previous | Thread Next
Arne Johannessen
June 17, 2022 14:48
Re: Pre-RFC: support https out-of-the-box
Message ID:
Felipe Gasperwrote:
>>> On Jun 16, 2022, at 14:42, Craig A. Berry <> wrote:
>>>> So let's please not go with a Linux-only solution and just use
>>>> Mozilla::CA as already planned.
> My macOS, FreeBSD, and Cygwin installs all have roots at $OPENSSLDIR/cert.pem. [...]
> The problem with Mozilla::CA is [...]
> Alternatively, ship a very-simple CPAN module that duplicates golang’s root-finding logic.

Neil's proposal is to go with option 1 aka IO::Socket::SSL, which already has its own logic. It checks several paths, including the one you mentioned above, and when it fails to find a root store, it falls back to Mozilla::CA.[-path|dir|-SSL_ca_file-=-...,-SSL_ca_path-=%3E-...-])%3E

What, exactly, would be the problem with this part of IO::Socket::SSL?

By the way, I haven't seen HTTP::Tinyish discussed yet. Michiel Beijen pointed this out last time around.

This small module seems to solve Neil's option 4 (work with wget, curl, etc) and might perhaps be the simplest solution here. HTTP::Tinyish is basically how cpanm does HTTPS.

Among other things, it might side-step the lack of a configure stage and it avoids having to deal with finding a CA root store because it just uses whatever logic wget/curl has. However, it depends on other non-core modules, namely File::Which and IPC::Run3. Additionally, we would need to consider systems that have neither wget nor curl.

Arne Johannessen

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About