
Re: Pre-RFC: support https out-of-the-box

From: Arne Johannessen
Date: June 17, 2022 14:48
Subject: Re: Pre-RFC: support https out-of-the-box
Message ID: 3BA48B03-2469-4553-AD84-2FBDCC619C29@thaw.de

Felipe Gasper wrote:
>>> On Jun 16, 2022, at 14:42, Craig A. Berry <craig.a.berry@gmail.com> wrote:
>>>> So let's please not go with a Linux-only solution and just use
>>>> Mozilla::CA as already planned.
> 
> My macOS, FreeBSD, and Cygwin installs all have roots at $OPENSSLDIR/cert.pem. [...]
> 
> The problem with Mozilla::CA is [...]
> 
> Alternatively, ship a very-simple CPAN module that duplicates golang’s root-finding logic.


Neil's proposal is to go with option 1 aka IO::Socket::SSL, which already has its own logic. It checks several paths, including the one you mentioned above, and when it fails to find a root store, it falls back to Mozilla::CA.

https://metacpan.org/pod/IO::Socket::SSL#Basic-SSL-Client
https://metacpan.org/pod/IO::Socket::SSL#IO::Socket::SSL::default_ca([-path|dir|-SSL_ca_file-=-...,-SSL_ca_path-=%3E-...-])%3E

What, exactly, would be the problem with this part of IO::Socket::SSL?


By the way, I haven't seen HTTP::Tinyish discussed yet. Michiel Beijen pointed this out last time around.

This small module seems to solve Neil's option 4 (work with wget, curl, etc) and might perhaps be the simplest solution here. HTTP::Tinyish is basically how cpanm does HTTPS.

Among other things, it might side-step the lack of a configure stage and it avoids having to deal with finding a CA root store because it just uses whatever logic wget/curl has. However, it depends on other non-core modules, namely File::Which and IPC::Run3. Additionally, we would need to consider systems that have neither wget nor curl.

https://www.nntp.perl.org/group/perl.perl5.porters/2021/12/msg262117.html
https://metacpan.org/pod/HTTP::Tinyish


-- 
Arne Johannessen
<https://arne.johannessen.de/>
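
Added example, not part of the original message and not IO::Socket::SSL's own code: a small Perl audit script that asks `IO::Socket::SSL::default_ca()` which root store it settled on and reports whether that is the Mozilla::CA fallback described in the message above. The helper names `classify_ca` and `count_pem_certs` and the output labels are this example's own; it assumes IO::Socket::SSL is installed and treats Mozilla::CA as optional.

```perl
#!/usr/bin/env perl
# Added example: show which CA root store IO::Socket::SSL trusts by default.
use strict;
use warnings;
use IO::Socket::SSL;

# Label the detected store. The labels are this example's own wording.
sub classify_ca {
    my (%ca) = @_;
    return 'none found' unless $ca{SSL_ca_file} || $ca{SSL_ca_path};

    # Mozilla::CA is optional; compare against it only if it can be loaded.
    my $mozilla = eval { require Mozilla::CA; Mozilla::CA::SSL_ca_file() };
    return 'Mozilla::CA fallback'
        if $mozilla && ($ca{SSL_ca_file} // '') eq $mozilla;

    return 'system or user-configured store';
}

# Count PEM certificate blocks in a bundle file (0 if unreadable).
sub count_pem_certs {
    my ($file) = @_;
    open my $fh, '<', $file or return 0;
    my $n = grep { /^-----BEGIN (?:TRUSTED )?CERTIFICATE-----/ } <$fh>;
    close $fh;
    return $n;
}

# With no arguments, default_ca() runs (or reuses) the detection and
# returns a hash that may contain SSL_ca_file and/or SSL_ca_path.
my %ca = IO::Socket::SSL::default_ca();

printf "source:      %s\n", classify_ca(%ca);
printf "SSL_ca_file: %s (%d certificates)\n",
    $ca{SSL_ca_file}, count_pem_certs($ca{SSL_ca_file})
    if $ca{SSL_ca_file};
printf "SSL_ca_path: %s\n", $ca{SSL_ca_path} if $ca{SSL_ca_path};

# These variables influence detection, so report them for context.
for my $var (qw(SSL_CERT_FILE SSL_CERT_DIR)) {
    printf "%-12s %s\n", "$var:", $ENV{$var} // '(not set)';
}
```

Running it on each target platform shows whether a client would validate against an OS-maintained bundle or against the copy shipped with Mozilla::CA, which is only as current as the installed module version.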



