feat: add ssl opt to httpc by default (#626)
yordis authored Aug 1, 2024
1 parent 152b6ef commit 63502b2
Showing 3 changed files with 60 additions and 1 deletion.
27 changes: 27 additions & 0 deletions lib/tesla/adapter/httpc.ex
Expand Up @@ -8,6 +8,8 @@ defmodule Tesla.Adapter.Httpc do
consistency between adapters
"""

current_otp_version = List.to_integer(:erlang.system_info(:otp_release))

@behaviour Tesla.Adapter
import Tesla.Adapter.Shared, only: [stream_to_fun: 1, next_chunk: 1]
alias Tesla.Multipart
Expand All @@ -18,12 +20,37 @@ defmodule Tesla.Adapter.Httpc do
@impl Tesla.Adapter
def call(env, opts) do
opts = Tesla.Adapter.opts(@override_defaults, env, opts)
opts = add_default_ssl_opt(env, opts)

with {:ok, {status, headers, body}} <- request(env, opts) do
{:ok, format_response(env, status, headers, body)}
end
end

# TODO: remove this once OTP 25+ is required
if current_otp_version >= 25 do
def add_default_ssl_opt(env, opts) do
default_ssl_opt = [
ssl: [
verify: :verify_peer,
cacerts: :public_key.cacerts_get(),
depth: 3,
customize_hostname_check: [
match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
],
crl_check: true,
crl_cache: {:ssl_crl_cache, {:internal, [http: 1000]}}
]
]

Tesla.Adapter.opts(default_ssl_opt, env, opts)
end
else
def add_default_ssl_opt(_env, opts) do
opts
end
end

defp format_response(env, {_, status, _}, headers, body) do
%{env | status: status, headers: format_headers(headers), body: format_body(body)}
end
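Review bot: The secure defaults built in `add_default_ssl_opt/2` are merged per top-level key, so they probably disappear as soon as a caller passes any `:ssl` option of their own. `Tesla.Adapter.opts/3` is not shown in this diff, but if it uses a shallow `Keyword.merge/2`, the caller's `ssl: [...]` list replaces the whole default list; on OTP 25, where `:ssl` does not verify peers by default, a client that only sets something like `certfile` would then connect without `verify: :verify_peer` or `cacerts`. Merging the nested list keeps the defaults unless they are explicitly overridden: `Keyword.update(opts, :ssl, default_ssl_opt[:ssl], &Keyword.merge(default_ssl_opt[:ssl], &1))`. Separately, `crl_check: true` is a hard-fail setting (a certificate whose revocation status cannot be determined, e.g. because the CRL fetch exceeds the 1000 ms timeout, is rejected), so add a comment saying this is intended, or use `:best_effort` if it is not. The helper is also declared with `def`, which makes it public API; `defp` or `@doc false` looks closer to the intent.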
2 changes: 1 addition & 1 deletion mix.exs
Expand Up @@ -17,7 +17,7 @@ defmodule Tesla.Mixfile do
test_coverage: [tool: ExCoveralls],
dialyzer: [
plt_core_path: "_build/#{Mix.env()}",
plt_add_apps: [:mix, :inets, :idna, :ssl_verify_fun, :ex_unit],
plt_add_apps: [:public_key, :mix, :inets, :idna, :ssl_verify_fun, :ex_unit],
plt_add_deps: :apps_direct
],
docs: docs(),
32 changes: 32 additions & 0 deletions test/tesla/adapter/httpc_test.exs
Expand Up @@ -45,4 +45,36 @@ defmodule Tesla.Adapter.HttpcTest do

assert data["headers"]["content-type"] == "text/plain"
end

describe "badssl" do
@describetag :integration

test "expired.badssl.com" do
assert {:error, :econnrefused} =
Tesla.get(Tesla.client([], Tesla.Adapter.Httpc), "https://expired.badssl.com")
end

test "wrong.host.badssl.com" do
assert {:error, :econnrefused} =
Tesla.get(Tesla.client([], Tesla.Adapter.Httpc), "https://wrong.host.badssl.com")
end

test "self-signed.badssl.com" do
assert {:error, :econnrefused} =
Tesla.get(Tesla.client([], Tesla.Adapter.Httpc), "https://self-signed.badssl.com")
end

test "untrusted-root.badssl.com" do
assert {:error, :econnrefused} =
Tesla.get(
Tesla.client([], Tesla.Adapter.Httpc),
"https://untrusted-root.badssl.com"
)
end

test "revoked.badssl.com" do
assert {:error, :econnrefused} =
Tesla.get(Tesla.client([], Tesla.Adapter.Httpc), "https://revoked.badssl.com")
end
end
end
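Review bot: Every test in the `badssl` block asserts the same generic `{:error, :econnrefused}`, which the adapter would presumably also return when the host is simply unreachable. The tests would therefore pass on a machine with no outbound network, and they cannot tell an expired certificate from a hostname mismatch or a revoked one. There is also no positive control: a default that rejects every TLS handshake (for example through the hard-fail `crl_check: true`) would satisfy all five tests. I would add one test in the same block that expects `{:ok, %Tesla.Env{}}` from a known-good HTTPS host, plus a comment that these cases only hold on OTP 25+, since `add_default_ssl_opt/2` is a no-op below that.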
