[bop-devel] Net::HTTPS::Any test bug / install failure, was: Business::OnlinePayment
Ivan Kohler
ivan at freeside.biz
Mon May 12 16:18:04 PDT 2014
On Mon, May 12, 2014 at 08:55:50AM +0200, Stefan Hornburg (Racke) wrote:
> On 12/14/2013 12:03 AM, Ivan Kohler wrote:
> > On Fri, Dec 13, 2013 at 03:38:14PM +0100, Stefan Hornburg (Racke) wrote:
> >> On 02/07/2013 10:28 PM, Ivan Kohler wrote:
> >>> On Thu, Feb 07, 2013 at 01:44:00PM +0100, Stefan Hornburg (Racke) wrote:
> >>>>
> >>>> Ivan, can you please fix the Net::HTTPS::Any bug
> >>>> https://rt.cpan.org/Public/Bug/Display.html?id=73363?
> >>>>
> >>>> This causes install failure of Business::OnlinePayment unless you have both
> >>>> SSLeay modules present.
> >>>>
> >>>> Please let me know if you need assistance.
> >>>
> >>> I certainly wouldn't refuse a patch, also happy to add you as a co-maint
> >>> for Net::HTTPS::Any
> >>>
> >>>
> >>> For historical perspective, the whole B:OP:HTTPS / Net::HTTPS::Any thing
> >>> was mostly inspiried by Interchange's historical support for either
> >>> module and Mike Heins's reply about it being nice to have
> >>> http://www.icdevgroup.org/pipermail/interchange-users/2002-September/026005.html
> >>>
> >>
> >> Yes, please add me as co-maintainer for Net::HTTPS::Any.
> >
> > Done.
> >
> > FWIW, per above, the whole B:OP:HTTPS / Net::HTTPS::Any was added at
> > Interchange's behest over a decade ago. From here in 2013, if
> > supporting both SSL modules doesn't make as much sense as it did in
> > 2002, I'm also fine with dumping the whole idea and just picking the
> > current best-practice module for B:OP.
> >
>
> Marco Pessotto did a patch (see attachment) to replace Net::HTTPS::Any with
> LWP::UserAgent and LWP::Protocol::https.
>
> His comments:
>
> --snip--
>
> The code added has been ripped off from Net::HTTPS::Any (and same for
> the added tests). Anyway, I modified the response header code to use a
> for loop instead of the map, which was sending back odds element
> (probably due to ->header() used in list context).
>
> --snap--
>
> Please consider this patch - so we can get rid of Net::HTTPS::Any.
Sorry if I was unclear about "picking the current best-practice module".
I was thinking of one of the two code paths currently being used, not
new, untested code. We originally did B:OP:HTTPS and Net::HTTPS::Any
because the Interchange folks, but we do now have a functioning
ecosystem of fifty-some processors, many using B:OP:HTTPS (and a few
unrelated modules using Net::HTTPS::Any).
So we can't immediately get rid of Net::HTTPS::Any. We can fix whatever
test problem there is with it by picking a best-practice default, add
new code paths to it for new ways of speaking SSL, or deprecate it if
there's nowadays clear SSL library winner (and I'm fine with that), but
we can't immediately rip it out of B:OP in favor of an untested code
path.
Stepping back a bit, LWP has clearly indicated by moving from
Crypt::SSLeay to IO::Socket:SSL that Net::SSLeay is the way forward.
Net::SSLeay is already the default in Net::HTTPS::Any, and the original
problem was test failures. I uploaded Net::HTTPS::Any 0.11_01 which
depends on any only tests on Net::SSLeay, instead of previous versions
which depended on neither module but tested on both. This would seem to
resolve the problematic test issue without changing actual code running
existing transactions for folks.
--
_ivan
More information about the bop-devel
mailing list