Fix broken compilation due to failing ct_expand parse transform

- `parse_trans` needs to be imported as a dependency - `ct_expand` needs to be applied to `hackney_ssl` at compile time - the extraction of public key info from certificates needs to be moved to a separate module (`hackney_ssl_certificate`) because the record definitions are not available during the `ct_expand` compilation pass - this separate module needs to be compiled before `hackney_ssl` to ensure it's available at compile time (`erl_first_files` declaration in `rebar.config)
benoitc · May 21, 2020 · 92c0f4c · 92c0f4c
1 parent 66415cf
commit 92c0f4c
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 9 deletions.
diff --git a/rebar.config b/rebar.config
@@ -8,6 +8,10 @@
             {platform_define, "^20", no_customize_hostname_check}
            ]}.
 
+{erl_first_files,
+ ["src/hackney_ssl_certificate.erl" % required by `hackney_ssl' at compile time
+ ]}.
+
 {xref_checks, [undefined_function_calls]}.
 
 {cover_enabled, true}.
@@ -20,6 +24,7 @@
         {mimerl, "~>1.1"},
         {certifi, "2.5.2"},
         {metrics, "1.0.1"},
+        {parse_trans, "3.3.0"},
         {ssl_verify_fun, "1.1.6"}
        ]}.
 

diff --git a/rebar.lock b/rebar.lock
@@ -3,7 +3,7 @@
  {<<"idna">>,{pkg,<<"idna">>,<<"6.0.1">>},0},
  {<<"metrics">>,{pkg,<<"metrics">>,<<"1.0.1">>},0},
  {<<"mimerl">>,{pkg,<<"mimerl">>,<<"1.2.0">>},0},
- {<<"parse_trans">>,{pkg,<<"parse_trans">>,<<"3.3.0">>},1},
+ {<<"parse_trans">>,{pkg,<<"parse_trans">>,<<"3.3.0">>},0},
  {<<"ssl_verify_fun">>,{pkg,<<"ssl_verify_fun">>,<<"1.1.6">>},0},
  {<<"unicode_util_compat">>,{pkg,<<"unicode_util_compat">>,<<"0.5.0">>},1}]}.
 [

diff --git a/src/hackney.app.src b/src/hackney.app.src
@@ -15,6 +15,7 @@
       idna,
       mimerl,
       certifi,
+      parse_trans,
       ssl_verify_fun,
       metrics]},
     {included_applications, []},

diff --git a/src/hackney_ssl.erl b/src/hackney_ssl.erl
@@ -6,6 +6,8 @@
 %%% Copyright (c) 2011-2012, Loïc Hoguin <essen@ninenines.eu>
 
 -module(hackney_ssl).
+-compile({parse_transform, ct_expand}).
+
 -export([messages/1,
   connect/3, connect/4,
   recv/3, recv/2,
@@ -19,9 +21,6 @@
 
 -export([check_hostname_opts/1]).
 
-
--include_lib("public_key/include/OTP-PUB-KEY.hrl").
-
 %% @doc Atoms used to identify messages in {active, once | true} mode.
 messages(_) -> {ssl, ssl_closed, ssl_error}.
 
@@ -88,16 +87,14 @@ decoded_cacerts() ->
   ct_expand:term(
     lists:foldl(fun(Cert, Acc) ->
                     Dec = public_key:pkix_decode_cert(Cert, otp),
-                    [extract_public_key_info(Dec) | Acc]
+                    [hackney_ssl_certificate:public_key_info(Dec) | Acc]
                 end, [], certifi:cacerts())
    ).
 
 
-extract_public_key_info(Cert) ->
-  ((Cert#'OTPCertificate'.tbsCertificate)#'OTPTBSCertificate'.subjectPublicKeyInfo).
-
 check_cert(CACerts, Cert) ->
-  lists:member(extract_public_key_info(Cert), CACerts).
+  PublicKeyInfo = hackney_ssl_certificate:public_key_info(Cert),
+  lists:member(PublicKeyInfo, CACerts).
 
 
 -spec find(fun(), list()) -> {ok, term()} | error.

diff --git a/src/hackney_ssl_certificate.erl b/src/hackney_ssl_certificate.erl
@@ -0,0 +1,20 @@
+%%% -*- erlang -*-
+%%%
+%%% This file is part of hackney released under the Apache 2 license.
+%%% See the NOTICE for more information.
+%%%
+
+%% @private
+-module(hackney_ssl_certificate).
+
+-include_lib("public_key/include/OTP-PUB-KEY.hrl").
+
+-export(
+   [public_key_info/1
+   ]).
+
+-spec public_key_info(Cert) -> PKI
+        when Cert :: #'OTPCertificate'{tbsCertificate :: TBSCert},
+             TBSCert :: #'OTPTBSCertificate'{subjectPublicKeyInfo :: PKI}.
+public_key_info(Cert) ->
+  ((Cert#'OTPCertificate'.tbsCertificate)#'OTPTBSCertificate'.subjectPublicKeyInfo).