How to configure SNI support for Mojolicious?

Perl Mojolicious supports Server Name Identification (SNI), which some web servers use to host multiple sites with a single HTTPS certificate. I am working on a system that is not configured for it, and searching in different ways has not led me to anything that makes the process understandable; the parts seem to be scattered. There are a few things mentioned in the StackOverflow question Perl LWP GET or POST to an SSL SNI URL.

So what do I need to do?

+6
2 answers

Firstly, it is not Mojolicious (or LWP or anything else) that supports SNI. It is IO::Socket::SSL, but actually it is not, because it is Net::SSLeay, but actually it is not, because it is your version of openssl.

  • Install openssl 1.0 or later. You probably want to use the --prefix option when configuring it, to install it in a new directory, so as not to disturb what you already have and what other things depend on.
  • Update Net::SSLeay and compile it against the new openssl. You need version 1.50 or later. The catch here is that a later Net::SSLeay will still work with an older openssl, so updating the module alone will not give you a new openssl.
  • Update IO::Socket::SSL to 1.56 or later. That release is from 2012, so you should upgrade anyway.
  • Mojolicious 2.83 (released in 2012, so old) added SNI support for clients, and Mojolicious 6.40 (a month ago) added it for all of its web servers.

You can find this information by looking at the Changes file for each module, but for now let's get Net::SSLeay sorted, since it is not as simple as installing a module.

Some things you should pay attention to:

  • You need to compile perl, openssl and Net::SSLeay with the same tools so that they are binary compatible.

Use the OPENSSL_PREFIX variable to tell cpan (and everything it starts) where to find the correct openssl:

  $ export OPENSSL_PREFIX=/usr/local/ssl
  $ cpan Net::SSLeay IO::Socket::SSL

If you already have the latest Net::SSLeay but it was compiled against the old version of openssl, you can force the module to recompile even though cpan thinks it is already up to date:

  $ cpan -f Net::SSLeay IO::Socket::SSL 

IO::Socket::SSL has methods for checking this (added in 1.84):

  $ /usr/local/ssl/bin/openssl version
  OpenSSL 1.0.1r 28 Jan 2016
  $ perl -MIO::Socket::SSL -le 'print IO::Socket::SSL->VERSION'
  2.024
  $ perl -MIO::Socket::SSL -le 'print IO::Socket::SSL->can_client_sni'
  1
+6
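The answer above says SNI support really depends on the whole chain (openssl, Net::SSLeay, IO::Socket::SSL, Mojolicious), and that a fresh Net::SSLeay may silently still be linked against an old openssl. The script below is an added example, not code from the answer or from any of those projects: it loads each layer, compares it with the minimum versions the answer names, and reports which OpenSSL Net::SSLeay was actually compiled against. The version thresholds come from the answer; the script's own structure, its exit code, and the optional live request via Mojo::UserAgent (Mojolicious 5+ API) are the example's assumptions.

```perl
#!/usr/bin/env perl
# Added example: check each layer of the SNI stack named in the answer above.
use strict;
use warnings;

# Minimum versions given in the answer (assumed thresholds for this check).
my %min = ( 'Net::SSLeay' => 1.50, 'IO::Socket::SSL' => 1.56, 'Mojolicious' => 2.83 );
my $min_server_sni = 6.40;   # Mojolicious server-side SNI, per the answer

# Load a module by name and return its version, or undef if it is missing.
sub load_version {
    my ($mod) = @_;
    (my $file = "$mod.pm") =~ s{::}{/}g;
    return eval { require $file; 1 } ? $mod->VERSION : undef;
}

my $ok = 1;
my %have;
for my $mod (sort keys %min) {
    my $v = load_version($mod);
    if (!defined $v) { print "$mod: not installed\n"; $ok = 0; next }
    $have{$mod} = $v;
    if ($v < $min{$mod}) { print "$mod $v: too old, need >= $min{$mod}\n"; $ok = 0 }
    else                 { print "$mod $v: ok\n" }
}

# The layer that actually decides SNI: which OpenSSL is Net::SSLeay linked to?
# Module versions alone do not tell you this; the linked library must be 1.0+.
if (defined &Net::SSLeay::SSLeay) {
    my $num = Net::SSLeay::SSLeay();            # OPENSSL_VERSION_NUMBER, e.g. 0x1000107f
    my $str = Net::SSLeay::SSLeay_version(0);   # 0 == SSLEAY_VERSION, the text form
    printf "OpenSSL linked into Net::SSLeay: %s (0x%08x)\n", $str, $num;
    if ($num < 0x10000000) { print "linked OpenSSL is older than 1.0, no SNI\n"; $ok = 0 }
}

# IO::Socket::SSL exposes the result of the whole chain (methods added in 1.84).
if (IO::Socket::SSL->can('can_client_sni')) {
    my $client = IO::Socket::SSL->can_client_sni ? 'yes' : 'no';
    my $server = IO::Socket::SSL->can_server_sni ? 'yes' : 'no';
    print "IO::Socket::SSL client SNI: $client, server SNI: $server\n";
    $ok = 0 if $client eq 'no';
}

# Mojolicious: client SNI from 2.83, server-side SNI from 6.40 (per the answer).
if (defined $have{'Mojolicious'} && $have{'Mojolicious'} < $min_server_sni) {
    print "Mojolicious $have{'Mojolicious'}: client SNI only; server SNI needs >= $min_server_sni\n";
}

# Optional live check: pass a hostname to make one HTTPS request through
# Mojo::UserAgent. With working SNI the handshake reaches the right virtual host.
if (@ARGV && $ok) {
    require Mojo::UserAgent;
    my $host = shift @ARGV;
    my $tx   = Mojo::UserAgent->new->get("https://$host/");
    if (my $err = $tx->error) { print "https://$host/: $err->{message}\n" }
    else                      { print "https://$host/: HTTP ", $tx->res->code, "\n" }
}

exit($ok ? 0 : 1);
```

Run it as `perl sni-check.pl` after the cpan steps above, or `perl sni-check.pl example.com` to also try a real handshake; a non-zero exit status makes it usable as a gate in a deployment script.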

Not a direct answer to the question, but maybe the best solution.

From my experience as a shared hosting administrator for ~400 domains, it is more convenient to configure SSL in Apache, with Mojolicious running under mod_perl2.

Including too much (network) configuration in an application is always a pain in the long run. In many cases, multi-domain applications can also become inconvenient.

Apache configuration also lets you manage it with standard scripts, e.g. renewing SSL certificates from Let's Encrypt.

Of course, there may be good reasons and special requirements for other settings that are worth the extra work.

-1