Re: Pre-RFC: support https out-of-the-box

> On Jun 17, 2022, at 10:48, Arne Johannessen <aj22@thaw.de> wrote:
> 
> Felipe Gasperwrote:
>>>> On Jun 16, 2022, at 14:42, Craig A. Berry <craig.a.berry@gmail.com> wrote:
>>>>> So let's please not go with a Linux-only solution and just use
>>>>> Mozilla::CA as already planned.
>> 
>> My macOS, FreeBSD, and Cygwin installs all have roots at $OPENSSLDIR/cert.pem. [...]
>> 
>> The problem with Mozilla::CA is [...]
>> 
>> Alternatively, ship a very-simple CPAN module that duplicates golang’s root-finding logic.
> 
> 
> Neil's proposal is to go with option 1 aka IO::Socket::SSL, which already has its own logic. It checks several paths, including the one you mentioned above, and when it fails to find a root store, it falls back to Mozilla::CA.
> 
> https://metacpan.org/pod/IO::Socket::SSL#Basic-SSL-Client
> https://metacpan.org/pod/IO::Socket::SSL#IO::Socket::SSL::default_ca([-path|dir|-SSL_ca_file-=-...,-SSL_ca_path-=%3E-...-])%3E
> 
> What, exactly, would be the problem with this part of IO::Socket::SSL?

Nothing at all; this is basically what I was proposing. I didn’t realize that IO::Socket::SSL does it already. Bravo.

-F

• Pre-RFC: support https out-of-the-box by Neil Bowers
• Re: Pre-RFC: support https out-of-the-box by Wesley Schwengle via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by Yuki Kimoto
• Re: Pre-RFC: support https out-of-the-box by Tomasz Konojacki
• Re: Pre-RFC: support https out-of-the-box by Paul "LeoNerd" Evans
• Re: Pre-RFC: support https out-of-the-box by Sergey Aleynikov
• Re: Pre-RFC: support https out-of-the-box by Oodler 577 via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by Elvin Aslanov
• Re: Pre-RFC: support https out-of-the-box by Ovid via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by Dan Book
• Re: Pre-RFC: support https out-of-the-box by Martijn Lievaart
• Re: Pre-RFC: support https out-of-the-box by Neil Bowers
• Re: Pre-RFC: support https out-of-the-box by Oodler 577 via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by gregor herrmann
• Re: Pre-RFC: support https out-of-the-box by Elvin Aslanov
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Elvin Aslanov
• Re: Pre-RFC: support https out-of-the-box by Alexander Hartmaier
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Darren Duncan
• Re: Pre-RFC: support https out-of-the-box by Alberto Simões
• Re: Pre-RFC: support https out-of-the-box by Martijn Lievaart
• Re: Pre-RFC: support https out-of-the-box by Oodler 577 via perl5-porters
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Alexander Hartmaier
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Arne Johannessen
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: Pre-RFC: support https out-of-the-box by Yuki Kimoto
• Re: Pre-RFC: support https out-of-the-box by Ricardo Signes
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• mbedTLS WAS Re: Pre-RFC: support https out-of-the-box by Felipe Gasper
• Re: mbedTLS WAS Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Darren Duncan
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Tomasz Konojacki
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Martijn Lievaart
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Oodler 577 via perl5-porters
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Yuki Kimoto
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Felipe Gasper
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Oodler 577 via perl5-porters
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Paul "LeoNerd" Evans
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Yuki Kimoto
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Nicholas Clark
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Tomasz Konojacki
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Elvin Aslanov
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Tomasz Konojacki
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Tomasz Konojacki
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Andrew Hewus Fresh
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Salvador Fandiño
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Nicholas Clark
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Martijn Lievaart
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Oodler 577 via perl5-porters
• Re: OpenSSL alternative support WAS Re: Pre-RFC: supporthttpsout-of-the-box by Martijn Lievaart
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Tom Molesworth via perl5-porters
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Nicholas Clark
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Felipe Gasper
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Emmanuel Seyman
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Craig A. Berry
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Andrew Hewus Fresh
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by James E Keenan
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Paul "LeoNerd" Evans
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Michiel Beijen
• Re: OpenSSL alternative support WAS Re: Pre-RFC: support httpsout-of-the-box by Michiel Beijen
• Re: Pre-RFC: support https out-of-the-box by Yuki Kimoto
• Re: Pre-RFC: support https out-of-the-box by Craig A. Berry
• Re: Pre-RFC: support https out-of-the-box by Yuki Kimoto