develooper Front page | perl.perl5.porters | Postings from June 2022

Re: Pre-RFC: support https out-of-the-box

From: Felipe Gasper
Date: June 17, 2022 14:57
Subject: Re: Pre-RFC: support https out-of-the-box
Message ID: 36F61DBD-D259-4F03-8B7C-5EFCEF9F1F2D@felipegasper.com

> On Jun 17, 2022, at 10:48, Arne Johannessen <aj22@thaw.de> wrote:
> 
> Felipe Gasper wrote:
>>>> On Jun 16, 2022, at 14:42, Craig A. Berry <craig.a.berry@gmail.com> wrote:
>>>>> So let's please not go with a Linux-only solution and just use
>>>>> Mozilla::CA as already planned.
>> 
>> My macOS, FreeBSD, and Cygwin installs all have roots at $OPENSSLDIR/cert.pem. [...]
>> 
>> The problem with Mozilla::CA is [...]
>> 
>> Alternatively, ship a very-simple CPAN module that duplicates golang’s root-finding logic.
> 
> 
> Neil's proposal is to go with option 1 aka IO::Socket::SSL, which already has its own logic. It checks several paths, including the one you mentioned above, and when it fails to find a root store, it falls back to Mozilla::CA.
> 
> https://metacpan.org/pod/IO::Socket::SSL#Basic-SSL-Client
> https://metacpan.org/pod/IO::Socket::SSL#IO::Socket::SSL::default_ca([-path|dir|-SSL_ca_file-=-...,-SSL_ca_path-=%3E-...-])%3E
> 
> What, exactly, would be the problem with this part of IO::Socket::SSL?

Nothing at all; this is basically what I was proposing. I didn’t realize that IO::Socket::SSL does it already. Bravo.

-F
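
The lookup described in this exchange can be checked on a given machine with the script below. It is an added example, not part of the original message and not code from IO::Socket::SSL: it calls `IO::Socket::SSL::default_ca()` (the function linked above) and reports whether the detected root store is a system path or the Mozilla::CA fallback. The helper names `count_pem_certs` and `describe_trust_store` are hypothetical.

```perl
#!/usr/bin/env perl
# Added example: report which root store IO::Socket::SSL uses by default.
use strict;
use warnings;
use IO::Socket::SSL;

# Count PEM certificate blocks in a bundle file (0 if unreadable).
sub count_pem_certs {
    my ($file) = @_;
    open my $fh, '<', $file or return 0;
    my $n = grep { /^-----BEGIN (?:TRUSTED )?CERTIFICATE-----/ } <$fh>;
    close $fh;
    return $n;
}

# Classify the result of default_ca(): system store, Mozilla::CA, or nothing.
sub describe_trust_store {
    # With no arguments, default_ca() runs (or reuses) its own detection and
    # returns a hash with SSL_ca_file and/or SSL_ca_path.
    my %ca = IO::Socket::SSL::default_ca();
    my ($file, $dir) = @ca{qw(SSL_ca_file SSL_ca_path)};
    return { source => 'none' } unless defined $file || defined $dir;

    # Mozilla::CA is optional; compare against it only if it is installed.
    my $mozilla = eval { require Mozilla::CA; Mozilla::CA::SSL_ca_file() };
    my $is_fallback = defined $file && defined $mozilla && $file eq $mozilla;

    return {
        source => $is_fallback ? 'Mozilla::CA fallback' : 'system store',
        file   => $file,
        dir    => ref $dir ? join(':', @$dir) : $dir,
        certs  => defined $file ? count_pem_certs($file) : undef,
    };
}

unless (caller) {
    my $store = describe_trust_store();
    if ($store->{source} eq 'none') {
        # No system store and no Mozilla::CA: verified connections will fail.
        warn "No usable root store found; install Mozilla::CA or a CA bundle\n";
        exit 1;
    }
    printf "source: %s\n", $store->{source};
    printf "file:   %s (%d certificates)\n", $store->{file}, $store->{certs}
        if defined $store->{file};
    printf "dir:    %s\n", $store->{dir} if defined $store->{dir};
}
```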
