Conversation
This adds support for HTTPS repositories since both `HTTP::Tiny` and `LWP::UserAgent` can support the HTTPS protocol. This change adds to the `Alien::Base::ModuleBuild::Repository::HTTP` repository class.
I want to add HTTPS support so that I can convert Alien::GMP over to using Alien::Base. |
I like it. One thing that is problematic about SSL and Perl is that what sites are trusted is highly dependent on platform. Should we:
Most of these make security decisions on behalf of the user, which I am not crazy about, but there is a practicability about it, and it isn't any less secure than using an http/ftp Alien package which we already support. |
If we have an option to bundle CA certs, it seems to be a very similar situation to that of using |
I think it is worth discussing because I think you'll see failures almost immediately. On OpenBSD they are very paranoid (from memory) and nothing is trusted. |
This is a tricky one and I don't know what is the right answer. @jberger? |
Do we actually test connecting to http:// connections? If not I don't think we would test real https:// either. I'm not saying we shouldn't but if we are not then why would we get failures? |
I suppose the subclasses of Alien::Base will get failures. At this point, I think we can address that when the time comes, right? |
Yes, that is what I meant, any Alien::Foo that is connecting to https is going to fail. I am all for https support, but I think there should be some escape mechanism that makes it easy to get it to works without the user having to go in and patch Alien::Base, or figure out how to add the cert for their particular vendor. That is going to frustrate people, esp. when Alien::Foo isn't the thing they are probably interested in (they are of course more interested in Foo::XS or Foo::FFI). |
Let's merge it (aye) I will try and see if I can get it to fail and make some hooks to make it easier to deal with if necessary. |
Let's get the dev release/CPAN testers on this. Aye. |
merged and released as 0.007_01. |
It was looking good on cpan testers so I went ahead and released as 0.008. I'd like to see some interfaces at some point for allowing integrators to troubleshoot and resolve ssl errors, but I didn't want to delay this feature unnecessarily. @zmughal when/if you have a dist that uses this feature, please let me know the details, I will try it on some of my VMs. |
@plicease, I have just uploaded Alien::GMP v0.0.6_01 which uses this feature. |
@zmughal so I haven't (yet) been able to get it to die on a cert error on my collection of odd virtual platforms, which is good. Maybe the perl / lwp infrastructure is better and making sure it gets the appropriate certs than I thought it would be :) |
This adds support for HTTPS repositories since both
HTTP::Tiny
andLWP::UserAgent
can support the HTTPS protocol. This change adds to theAlien::Base::ModuleBuild::Repository::HTTP
repository class.