> On Jun 17, 2022, at 10:48, Arne Johannessen <aj22@thaw.de> wrote: > > Felipe Gasperwrote: >>>> On Jun 16, 2022, at 14:42, Craig A. Berry <craig.a.berry@gmail.com> wrote: >>>>> So let's please not go with a Linux-only solution and just use >>>>> Mozilla::CA as already planned. >> >> My macOS, FreeBSD, and Cygwin installs all have roots at $OPENSSLDIR/cert.pem. [...] >> >> The problem with Mozilla::CA is [...] >> >> Alternatively, ship a very-simple CPAN module that duplicates golang’s root-finding logic. > > > Neil's proposal is to go with option 1 aka IO::Socket::SSL, which already has its own logic. It checks several paths, including the one you mentioned above, and when it fails to find a root store, it falls back to Mozilla::CA. > > https://metacpan.org/pod/IO::Socket::SSL#Basic-SSL-Client > https://metacpan.org/pod/IO::Socket::SSL#IO::Socket::SSL::default_ca([-path|dir|-SSL_ca_file-=-...,-SSL_ca_path-=%3E-...-])%3E > > What, exactly, would be the problem with this part of IO::Socket::SSL? Nothing at all; this is basically what I was proposing. I didn’t realize that IO::Socket::SSL does it already. Bravo. -FThread Previous | Thread Next