Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re^6: HSTS policy breaks cpan utility on Windows

by cavac (Curate)
on Nov 22, 2019 at 08:14 UTC ( #11109051=note: print w/replies, xml ) Need Help??


in reply to Re^5: HSTS policy breaks cpan utility on Windows
in thread HSTS policy breaks cpan utility on Windows

Yes, Core should include SSL capabilities from the start.

perl -e 'use Crypt::Digest::SHA256 qw[sha256_hex]; print substr(sha256_hex("the Answer To Life, The Universe And Everything"), 6, 2), "\n";'

Replies are listed 'Best First'.
Re^7: HSTS policy breaks cpan utility on Windows
by syphilis (Bishop) on Nov 22, 2019 at 09:12 UTC
    Yes, Core should include SSL capabilities from the start

    This would mean that perl would be dependent upon the SSL library on which the SSL-compatible CORE relies - either that, or the perl source has to include its own portable SSL code.
    I've had enough trouble with OpenSSL (and other libraries) in the past to be sympathetic to the view that perl should remain independent of all third party libraries, and I wouldn't like to burden the perl developers with the task of incorporating portable SSL code into the perl source.

    Cheers,
    Rob

      Couldn't "Configure" just test for the availability of a compatible SSL library and build/install/test the SSL modules only if the system has one of those libs?

      The problem with not having SSL from the start is sort of a big one: The first time you use CPAN, you are doing it from an untrusted source that makes it easy to MITM attack.

      perl -e 'use Crypt::Digest::SHA256 qw[sha256_hex]; print substr(sha256_hex("the Answer To Life, The Universe And Everything"), 6, 2), "\n";'
        Couldn't "Configure" just test for the availability of a compatible SSL library and build/install/test the SSL modules only if the system has one of those libs?

        I would think that could be done if someone were prepared to make the effort.
        Maybe the perl developers should be asked about this ?
        I don't think it's a job I'd like to take on, even if I thought I had the capability.

        I now have wget on all 4 of my home systems (including Windows).
        With 'urllist' set to 'https://www.cpan.org' (as marto suggested earlier) I'm now set up so that CPAN on any fresh installation of perl will use wget over https.

        Cheers,
        Rob

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://11109051]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (4)
As of 2021-01-23 20:30 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Notices?