PATCH: Add Win32 SSL/https support (no OpenSSL/Crypt::SSLeay required)
Date: Apr 16 2003
========================================
Windows includes SSL code to handle https URLs (unless you've removed IE and WinHttp).
The attached zip file contains files (perl-only) to use the Windows SSL code in LWP for https URLs.
Code was tested on ActivePerl 5.8. The code should work if you have LWP v.5.68.
Thanks to Jacques Poulin for testing the code.
Update: Nov 06 2003
========================================
Fixed Win32::Internet error handling.
Files
------------------
mshttps.pm - goes in your %PERL%\site\lib\lwp\Protocol directory
Protocol.pm - can replace your %PERL%\site\lib\lwp\Protocol.pm
Protocol_20031106.diff - unified diff of my changes to Protocol.pm,
if you want to patch Protocol.pm instead of replacing it.
What works (stuff that I've tested)
------------------------------------
- GET
- POST
- HEAD
The code also supports using a proxy server.
I tested with https://207.61.234.99:80.
Modifying behaviour
-----------------------------------
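From mshttps.pm:
Set the PERL_LWP_MSHTTPS_USE_WININET env. variable to a non-empty value
to force Wininet to be used.
Set the PERL_LWP_MSHTTPS_DONT_IGNORE_SSL_ERRORS env. variable to a non-empty value
to NOT ignore SSL certificate errors. Unless this variable is set, certificate
errors are ignored, so the identity of the server is not verified.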
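A check that certificate enforcement actually takes effect on a given machine, as an added example that is not part of the original zip file. It assumes the patched LWP is installed, that a rejected certificate surfaces as an unsuccessful response, and that the two URLs (taken from the tested-sites list in this file) still behave as noted there.

```perl
#!/usr/bin/perl
# Added example: confirm that certificate checking is really enforced
# by the mshttps handler on this machine.
use strict;
use warnings;

BEGIN {
    # Set before LWP is loaded, so the handler sees the value whenever it
    # reads %ENV. Any non-empty value turns certificate checking on.
    $ENV{PERL_LWP_MSHTTPS_DONT_IGNORE_SSL_ERRORS} = '1';
}

use LWP::UserAgent;
use HTTP::Request;

# URLs from the "SSL websites tested" list; the first is the one marked
# [SSL Cert errors]. Substitute hosts you control if these have changed.
my %expect = (
    'https://www.modssl.org/example/test.phtml' => 'fail',
    'https://www.verisign.com'                  => 'ok',
);

my $ua       = LWP::UserAgent->new(timeout => 30);
my $problems = 0;

for my $url (sort keys %expect) {
    # HEAD is one of the methods listed as tested with this handler.
    my $res    = $ua->request(HTTP::Request->new(HEAD => $url));
    my $actual = $res->is_success ? 'ok' : 'fail';

    printf "%-45s expected=%-4s actual=%-4s (%s)\n",
        $url, $expect{$url}, $actual, $res->status_line;

    # A bad certificate that still yields a successful response means
    # errors are being ignored despite the variable being set.
    $problems++ if $actual ne $expect{$url};
}

# Non-zero exit status signals that enforcement did not behave as expected.
exit($problems ? 1 : 0);
```

A failure on the second URL can also be a plain network problem, so read the printed status line before drawing a conclusion.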
What's not supported?
------------------------------------
- Passing in a CODE reference for the content of a request.
- The size hint as 3rd param to a request call is essentially ignored. The SSL
response content is returned in one huge block due to a limitation in one
of the APIs used.
SSL websites tested
----------------------
https://www.modssl.org/example/test.phtml [SSL Cert errors]
https://ssl.netcraft.com
https://www.verisign.com
https://secure1.securityspace.com
https://secure.vintners.net/misc/secure_test_arrive.html
https://www.tradesports.com/
Caveats
----------------------
Some OS configurations prevent the perl code from turning off SSL errors.
In those cases, any SSL error may cause the request to fail. This occurs esp.
when using the Wininet DLL.
This is not a common problem from my testing on different machines.
With Perl 5.8, when mshttps uses wininet.dll, you may get the error "Attempt
to free non-existent shared string..." This is supposed to be fixed in 5.8.1.
Internals
----------------------
LWP calls in to the protocol handlers (http, https, ftp, etc.) to handle
requests.
The modifications to UserAgent.pm catch any failure to create an https
handler. If we're on Win32, we'll try to create an mshttps protocol handler
and use that to handle the https request. If we succeed in creating the
mshttps handler, we'll use that for https requests from now on.
The mshttps handler uses the WinHttp COM object via Win32::OLE
or the Wininet DLL via Win32::Internet if WinHttp is not found.
Changes
---------------------
Apr 16 2003 - moved code to fallback to use mshttps.pm from UserAgent.pm
to Protocol.pm.
Nov 06 2003 - fixed Win32::Internet error handling.