Re^8: HSTS policy breaks cpan utility on Windows

Couldn't "Configure" just test for the availability of a compatible SSL library and build/install/test the SSL modules only if the system has one of those libs?

The problem with not having SSL from the start is sort of a big one: The first time you use CPAN, you are doing it from an untrusted source that makes it easy to MITM attack.

perl -e 'use Crypt::Digest::SHA256 qw[sha256_hex]; print substr(sha256_hex("the Answer To Life, The Universe And Everything"), 6, 2), "\n";'

Comment on Re^8: HSTS policy breaks cpan utility on Windows Download Code

Replies are listed 'Best First'.
Re^9: HSTS policy breaks cpan utility on Windows by syphilis (Archbishop) on Nov 26, 2019 at 23:08 UTC
Couldn't "Configure" just test for the availability of a compatible SSL library and build/install/test the SSL modules only if the system has one of those libs? I would think that could be done if someone were prepared to make the effort. Maybe the perl developers should be asked about this ? I don't think it's a job I'd like to take on, even if I thought I had the capability. I now have wget on all 4 of my home systems (including Windows). With 'urllist' set to 'https://www.cpan.org' (as marto suggested earlier) I'm now set up so that CPAN on any fresh installation of perl will use wget over https. Cheers, Rob	[reply]

Replies are listed 'Best First'.

Re^9: HSTS policy breaks cpan utility on Windows
by syphilis (Archbishop) on Nov 26, 2019 at 23:08 UTC

Couldn't "Configure" just test for the availability of a compatible SSL library and build/install/test the SSL modules only if the system has one of those libs?

marto

[reply]