Verify hostname shim #29
src/xhttp_shims.erl
%% Shims for functions introduced in recent Erlang/OTP releases, | ||
%% to enable use of XHTTP on older releases. The code in this module | ||
%% was taken directly from the Erlang/OTP project. The original license | ||
%% follows: |
👍
Let's include the commit and file we took this from to make it easier to track bugs and know when to update.
I pushed a fix for the failing tests: b682c18.
with :verify_peer <- Keyword.get(opts, :verify), | ||
nil <- Keyword.get(opts, :verify_fun), | ||
true <- use_pkix_verify_hostname_shim?() do | ||
Logger.debug("ssl application does not perform hostname verifaction; activating shim") |
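Review bot: The `nil <- Keyword.get(opts, :verify_fun)` clause in this `with` chain means the shim is not activated for a caller who passes their own :verify_fun together with :verify_peer, and nothing in these lines logs or reports that case. Since the shim exists because the ssl application may not check the hostname itself, that caller's fun then carries the whole hostname check; either document this next to the option or compose the shim's check with the user-supplied fun. The Logger.debug string also misspells "verification" as "verifaction".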
I think we should remove this logger message, but not important right now.
I have a bunch of refactoring/stylistic comments but I'll just merge the PR and do the changes after that. Thanks so much @voltone! ❤️
This enables HTTPS hostname verification on OTP versions that do not automatically perform the check in the :ssl application, by bringing a copy of the OTP 20.3 implementation of pkix_verify_hostname and enabling it when :verify option is set to :verify_peer, and verify_fun is set, and :ssl module version does not perform hostname verification.

It inherits the bugs and limitations of the OTP 20 implementation, most notably ERL-542
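
How a hostname check is wired into :ssl client options through a verify_fun, as an added example that is not code from this pull request or from the project. The module name HostnameCheckExample is hypothetical, and the sketch assumes the running OTP release provides :public_key.pkix_verify_hostname/2; on older releases a copied implementation such as the one this PR describes would take its place.

```elixir
defmodule HostnameCheckExample do
  # Hypothetical module, written for illustration only.

  # Builds :ssl client options that validate the certificate chain and then
  # compare the leaf certificate's names with `hostname`.
  def ssl_opts(hostname, cacertfile) when is_binary(hostname) do
    [
      verify: :verify_peer,
      cacertfile: cacertfile,
      # The reference hostname travels as the verify_fun user state.
      # :public_key expects it as a charlist.
      verify_fun: {&verify/3, String.to_charlist(hostname)}
    ]
  end

  # Path validation reported an error: keep the failure, never downgrade it.
  def verify(_cert, {:bad_cert, _} = reason, _host), do: {:fail, reason}

  # Extension not handled here: hand the decision back to :ssl.
  def verify(_cert, {:extension, _}, host), do: {:unknown, host}

  # Root or intermediate CA certificate: no hostname to compare.
  def verify(_cert, :valid, host), do: {:valid, host}

  # Leaf (peer) certificate: this is the only place the hostname is checked.
  def verify(cert, :valid_peer, host) do
    if :public_key.pkix_verify_hostname(cert, dns_id: host) do
      {:valid, host}
    else
      {:fail, {:bad_cert, :hostname_check_failed}}
    end
  end
end
```

The result of `HostnameCheckExample.ssl_opts("example.com", "/path/to/ca.pem")` can be passed as the options of `:ssl.connect/3`; both arguments here are constructed sample values.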