Net-OpenID-* 1.030099_001 now on CPAN

29 views
Skip to first unread message

Robert Norris

unread,
Nov 6, 2010, 1:42:04 AM11/6/10
to openi...@googlegroups.com
Hi all,

I've just uploaded developer versions of the Net-OpenID distributions to CPAN:


The intent here is that once they've had some testing and a bit of spit and polish, they'll be released as version 1.5 (or 1.500.0 if you prefer. A big version bump to make sure its very clear that these are moved on from their previous versions).

The changes are mostly just restructuring to make the code easier to work with moving forward and easier to install:

* Split utility code common to both -Consumer and -Server out into Net-OpenID-Common
* Uses on Crypt::DH::GMP instead of Crypt::DH

There are a few new features and fixes though, taken from some of the community forks and patches around the place. The major ones:

* Fix potential timing attacks when comparing signatures
* Support for HMAC-SHA256 signatures in -Server
* Support fetching request args from Apache2::Request (mod_perl 2) objects

And one interface change:

* 'get_args' and 'post_args' in -Server have been combined into a single 'args' option. The old options are now deprecated and produce a warning. They will be removed in a future version.

If you have a RP or OP written using Net::OpenID I would very much appreciate you testing with these packages and reporting whether or not they work. You should find that they work without having to change any of your code. This was the case for my own OP but I've not written an RP yet to test with.

All going well, these will be released as 1.5 soon, and then work will start on new features and major refactorings and whatever else. First on my list is finishing off OpenID 2.0 server support and getting server extensions working (my immediate need).

Feel free to report bugs or features or whatever else. RT is preferred: 


If you know someone who might be using Net::OpenID::Consumer or Net::OpenID::Server, please let them know as I'm very eager to not break things for anyone (yet). I'll shortly post to the OpenID list, PerlMonks and Planet Perl Iron Man. Hopefully that'll catch everyone!

Cheers,
Rob.

Adam Sjøgren

unread,
Nov 20, 2010, 12:16:10 PM11/20/10
to openi...@googlegroups.com
On Sat, 6 Nov 2010 16:42:04 +1100, Robert wrote:

Did anyone get these to install on Debian stable (lenny)?

I got stuck on building Crypt::DH::GMP → Devel::CheckLib →
IO::CaptureOutput → newer Module::Build needed.

[...]


> * Uses on Crypt::DH::GMP instead of Crypt::DH

That is better than Crypt::DH with Math::BigInt::GMP? Just curious...


Best regards,

Adam

--
Woodhead's Law: "The further you are from your Adam Sjøgren
server, the more likely it is to crash." as...@koldfront.dk

Robert Norris

unread,
Nov 20, 2010, 8:02:35 PM11/20/10
to openi...@googlegroups.com
On Sun, Nov 21, 2010 at 4:16 AM, Adam Sjøgren <as...@koldfront.dk> wrote: 
Did anyone get these to install on Debian stable (lenny)?

I'm on unstable, but I'm using a private build of Perl so probably doesn't count.
 
I got stuck on building Crypt::DH::GMP → Devel::CheckLib →
IO::CaptureOutput → newer Module::Build needed.

Ahh, so running into problems with the system Perl? Does dh-make-perl to build a newer Module::Build help?
 
[...]
> * Uses on Crypt::DH::GMP instead of Crypt::DH

That is better than Crypt::DH with Math::BigInt::GMP? Just curious...

Sort of. Crypt::DH is so slow as to be unusable if you don't have Math::BigInt::GMP, but that wasn't always clear. Crypt::DH::GMP uses GMP directly and so is a bit faster. Its also maintained.

Adam Sjøgren

unread,
Nov 21, 2010, 9:25:48 AM11/21/10
to openi...@googlegroups.com
On Sun, 21 Nov 2010 12:02:35 +1100, Robert wrote:

> I'm on unstable, but I'm using a private build of Perl so probably doesn't
> count.

I think it would be no problem on unstable, but I am conservative and
run stable on my server :-)

> Ahh, so running into problems with the system Perl?

Yup, or rather, the new dependencies.

> Does dh-make-perl to build a newer Module::Build help?

Not really:

$ dh-make-perl --cpan Module::Build
Module::Build is a standard module.
$

:-)

>> That is better than Crypt::DH with Math::BigInt::GMP? Just curious...

> Sort of. Crypt::DH is so slow as to be unusable if you don't have
> Math::BigInt::GMP, but that wasn't always clear. Crypt::DH::GMP uses GMP
> directly and so is a bit faster. Its also maintained.

Sounds reasonable.

It looks like it was a drop-in replacement? Maybe I can just monkeypatch
my local clones to use Crypt::DH until the next Debian release :-)

The tests succeed when I do.

Adam Sjøgren

unread,
Dec 5, 2010, 5:09:52 PM12/5/10
to openi...@googlegroups.com
On Sat, 6 Nov 2010 16:42:04 +1100, Robert wrote:

> * Uses on Crypt::DH::GMP instead of Crypt::DH

(While testing I reverted this change, because installing Crypt::DH::GMP
is challenging on the current Debian stable (lenny).)

> If you have a RP or OP written using Net::OpenID I would very much
> appreciate you testing with these packages and reporting whether or not they
> work. You should find that they work without having to change any of your
> code. This was the case for my own OP but I've not written an RP yet to test
> with.

I have tested the modules briefly by logging in to these websites using
my own little homebrewed provider:

* http://ask.debian.net/
* http://stackexchange.com/
* http://openid-please.appspot.com/
* http://www.livejournal.com/
* https://www.quickdns.dk/
* http://freshmeat.net/
* http://opensource.com/
* http://news.ycombinator.com/
* http://slashdot.org/

all logins were successful with the modules from your git repositories.

Keep up the good work!


Best regards,

Adam

--
"I myself have spent many an enjoyable hour in my Adam Sjøgren
spare time not collecting stamps." as...@koldfront.dk

Reply all
Reply to author
Forward
0 new messages