Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

want to check Mozilla :: CA #14

Closed
AnaTofuZ opened this issue Jul 15, 2018 · 5 comments

Comments

@AnaTofuZ
Copy link
Contributor

@AnaTofuZ AnaTofuZ commented Jul 15, 2018

I use plenv and perl-build .
CPAN::Perl::Releases::MetaCPAN used by perl-build internally uses HTTP::Tinyish.

CPAN::Perl::Releases::MetaCPAN is trying acess for https://metacpan.org/release/CPAN-Perl-Releases-MetaCPAN.

This uses Mac OS system perl in my environment.

So,I Trying...

599 Internal Exception, https://fastapi.metacpan.org/v1/release/_search, Can't verify SSL peers without knowing which Certificate Authorities to trust  This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE envirionment variable or by installing the Mozilla::CA module.  To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME envirionment variable to 0.  If you do this you can't be sure that you communicate with the expected peer.

I think that this error is due to HTTP::Tinysh not confirming Mozilla::CA.

I think change this line

if (eval { require LWP::Protocol::https; 1 }) {

-     if (eval { require LWP::Protocol::https; 1 }) {
+    if (eval { (require LWP::Protocol::https; 1) && ( require Mozilla::CA; 1) }) {

What do you think?
I send Pull-Request If it's OK with you.

@miyagawa

This comment has been minimized.

Copy link
Owner

@miyagawa miyagawa commented Jul 15, 2018

Does this mean your perl macOS comes with LWP::Protocol::https but has no Mozilla::CA bundled?

@AnaTofuZ

This comment has been minimized.

Copy link
Contributor Author

@AnaTofuZ AnaTofuZ commented Jul 17, 2018

You are right.

Since Mozilla::CA does not exist,it is impossible to https connection,but HTTP::Tinyish tried to connect HTTPS for LWP::Protocol::HTTPS.
So I thought I needed to check it.

@skaji

This comment has been minimized.

Copy link
Contributor

@skaji skaji commented Jul 20, 2018

❯ sw_vers
ProductName:	Mac OS X
ProductVersion:	10.13.5
BuildVersion:	17F77

❯ /usr/bin/perl -v
This is perl 5, version 18, subversion 2 (v5.18.2) built for darwin-thread-multi-2level
...

❯ /usr/bin/perl -MLWP::Protocol::https -E 'say LWP::Protocol::https->VERSION'
6.04

❯ /usr/bin/perl -MMozilla::CA -E 'say Mozilla::CA->VERSION'
Can't locate Mozilla/CA.pm in @INC (you may need to install the Mozilla::CA module) (@INC contains: /Library/Perl/5.18/darwin-thread-multi-2level /Library/Perl/5.18 /Network/Library/Perl/5.18/darwin-thread-multi-2level /Network/Library/Perl/5.18 /Library/Perl/Updates/5.18.2 /System/Library/Perl/5.18/darwin-thread-multi-2level /System/Library/Perl/5.18 /System/Library/Perl/Extras/5.18/darwin-thread-multi-2level /System/Library/Perl/Extras/5.18 .).
BEGIN failed--compilation aborted.

Because LWP::Protocol::https requires Mozilla::CA as a runtime dependency, this is a bug of macOS, I think.
https://metacpan.org/source/GAAS/LWP-Protocol-https-6.04/META.json#L37

On the other hand, this bug also affects cpanminus:

❯ pwd
/Users/skaji/src/github.com/miyagawa/cpanminus/App-cpanminus

❯ /usr/bin/perl cpanm --mirror https://cpan.metacpan.org -llocal Plack
--> Working on Plack
Fetching https://cpan.metacpan.org/authors/id/M/MI/MIYAGAWA/Plack-1.0047.tar.gz ... FAIL
! Download https://cpan.metacpan.org/authors/id/M/MI/MIYAGAWA/Plack-1.0047.tar.gz failed. Retrying ...
! Download https://cpan.metacpan.org/authors/id/M/MI/MIYAGAWA/Plack-1.0047.tar.gz failed. Retrying ...
! Download https://cpan.metacpan.org/authors/id/M/MI/MIYAGAWA/Plack-1.0047.tar.gz failed. Retrying ...
! Failed to download https://cpan.metacpan.org/authors/id/M/MI/MIYAGAWA/Plack-1.0047.tar.gz
! Failed to fetch distribution Plack-1.0047

So I think it is worth adding some workaround to HTTP::Tinyish.

@AnaTofuZ

This comment has been minimized.

Copy link
Contributor Author

@AnaTofuZ AnaTofuZ commented Sep 22, 2018

@miyagawa
Would you think again of this PR?
#15

@miyagawa

This comment has been minimized.

Copy link
Owner

@miyagawa miyagawa commented May 31, 2019

fixed by #15

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.