2021-11-24 2:55 Neil Bowers <neilb@neilb.org> wrote:
> When you install Perl, although it comes with HTTP::Tiny, it doesn't
> support https because HTTP::Tiny requires IO::Socket::SSL (which isn’t
> bundled with Perl). This means that CPAN.pm and other tools can't make
> https mandatory, as when bootstrapping a new box you'll typically install
> perl then run cpan to first install Net::SSLeay and IO::Socket::SSL.
>
> I think we should make Perl support https "out of the box", so that
> CPAN.pm could make https mandatory, and other modules could then support
> https while relying only on core modules.
>
> One approach is to bundle Net::SSLeay and IO::Socket::SSL, but I don't
> know if that's the best / right solution?
>
> One problem with bundling these modules is that we are then committed to
> ensuring that they work on all supported platforms / configurations. Is it
> ok to support https out-of-the-box on some supported platforms but not all
> of them? I think so.
>
> Neil
>
My easy idea is to ask OS-distributors for including Net::SSLeay,
Mozilla::CA, and IO::Socket::SSL to the standard Perl package.
For example, ubuntu
# Current perl package doesn't contain Net::SSLeay, Mozilla::CA, and
IO::Socket::SSL
apt install perl
This is changed to:
# perl package contains Net::SSLeay, Mozilla::CA, and IO::Socket::SSL
apt install perl
# perl-nossl package doesn't contain Net::SSLeay, Mozilla::CA, and
IO::Socket::SSL
apt install perl-nossl
> When you install Perl, although it comes with HTTP::Tiny, it doesn't
> support https because HTTP::Tiny requires IO::Socket::SSL (which isn’t
> bundled with Perl). This means that CPAN.pm and other tools can't make
> https mandatory, as when bootstrapping a new box you'll typically install
> perl then run cpan to first install Net::SSLeay and IO::Socket::SSL.
>
> I think we should make Perl support https "out of the box", so that
> CPAN.pm could make https mandatory, and other modules could then support
> https while relying only on core modules.
>
> One approach is to bundle Net::SSLeay and IO::Socket::SSL, but I don't
> know if that's the best / right solution?
>
> One problem with bundling these modules is that we are then committed to
> ensuring that they work on all supported platforms / configurations. Is it
> ok to support https out-of-the-box on some supported platforms but not all
> of them? I think so.
>
> Neil
>
My easy idea is to ask OS-distributors for including Net::SSLeay,
Mozilla::CA, and IO::Socket::SSL to the standard Perl package.
For example, ubuntu
# Current perl package doesn't contain Net::SSLeay, Mozilla::CA, and
IO::Socket::SSL
apt install perl
This is changed to:
# perl package contains Net::SSLeay, Mozilla::CA, and IO::Socket::SSL
apt install perl
# perl-nossl package doesn't contain Net::SSLeay, Mozilla::CA, and
IO::Socket::SSL
apt install perl-nossl