add verify tls_opts only when we open connection
authorAlexander Strizhakov <alex.strizhakov@gmail.com>
Tue, 10 Mar 2020 12:54:11 +0000 (15:54 +0300)
committerAlexander Strizhakov <alex.strizhakov@gmail.com>
Tue, 10 Mar 2020 12:54:11 +0000 (15:54 +0300)
For other requests, Tesla will add tls_opts.

lib/pleroma/gun/conn.ex
lib/pleroma/http/adapter_helper/gun.ex
lib/pleroma/http/connection.ex
test/http/adapter_helper/gun_test.exs
test/http/connection_test.exs

index 31971869049a0981da7fb274b0b87922774f06dc..57a847c30c714470998f22d002ae251c062d70a6 100644 (file)
@@ -45,6 +45,7 @@ defmodule Pleroma.Gun.Conn do
       |> Map.put_new(:retry, pool_opts[:retry] || 1)
       |> Map.put_new(:retry_timeout, pool_opts[:retry_timeout] || 1000)
       |> Map.put_new(:await_up_timeout, pool_opts[:await_up_timeout] || 5_000)
+      |> maybe_add_tls_opts(uri)
 
     key = "#{uri.scheme}:#{uri.host}:#{uri.port}"
 
@@ -70,6 +71,29 @@ defmodule Pleroma.Gun.Conn do
     end
   end
 
+  defp maybe_add_tls_opts(opts, %URI{scheme: "http"}), do: opts
+
+  defp maybe_add_tls_opts(opts, %URI{scheme: "https", host: host}) do
+    tls_opts = [
+      verify: :verify_peer,
+      cacertfile: CAStore.file_path(),
+      depth: 20,
+      reuse_sessions: false,
+      verify_fun:
+        {&:ssl_verify_hostname.verify_fun/3,
+         [check_hostname: Pleroma.HTTP.Connection.format_host(host)]}
+    ]
+
+    tls_opts =
+      if Keyword.keyword?(opts[:tls_opts]) do
+        Keyword.merge(tls_opts, opts[:tls_opts])
+      else
+        tls_opts
+      end
+
+    Map.put(opts, :tls_opts, tls_opts)
+  end
+
   defp do_open(uri, %{proxy: {proxy_host, proxy_port}} = opts) do
     connect_opts =
       uri
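Review bot: In `maybe_add_tls_opts/2` the merge `Keyword.merge(tls_opts, opts[:tls_opts])` gives the caller-supplied list precedence, so a per-request `tls_opts: [verify: :verify_none]` (or a different `verify_fun`/`cacertfile`) silently replaces the peer verification this commit introduces. If the intent is only to let adapter-level extras such as `log_level: :warning` through, reversing the merge, `Keyword.merge(opts[:tls_opts], tls_opts)`, keeps the verification keys authoritative while still passing the extras. If overriding is deliberate, a short comment saying so would stop a reader from tightening it later. There is also no clause for a scheme other than `"http"`/`"https"`, so any other URI raises `FunctionClauseError` here; that may be acceptable given the key built from `uri.scheme` in the first hunk, but it deserves a comment.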
index 862e851c028cc50fba466e636ad608d20c44594c..55c2b192aecf451010a29f7802ab555715543428 100644 (file)
@@ -45,21 +45,11 @@ defmodule Pleroma.HTTP.AdapterHelper.Gun do
 
   defp add_scheme_opts(opts, %URI{scheme: "http"}), do: opts
 
-  defp add_scheme_opts(opts, %URI{scheme: "https", host: host}) do
-    adapter_opts = [
-      certificates_verification: true,
-      transport: :tls,
-      tls_opts: [
-        verify: :verify_peer,
-        cacertfile: CAStore.file_path(),
-        depth: 20,
-        reuse_sessions: false,
-        verify_fun: {&:ssl_verify_hostname.verify_fun/3, [check_hostname: format_host(host)]},
-        log_level: :warning
-      ]
-    ]
-
-    Keyword.merge(opts, adapter_opts)
+  defp add_scheme_opts(opts, %URI{scheme: "https"}) do
+    opts
+    |> Keyword.put(:certificates_verification, true)
+    |> Keyword.put(:transport, :tls)
+    |> Keyword.put(:tls_opts, log_level: :warning)
   end
 
   defp maybe_get_conn(adapter_opts, uri, connection_opts) do
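Review bot: `Keyword.put(:tls_opts, log_level: :warning)` in `add_scheme_opts/2` replaces any `tls_opts` a caller already passed in `opts` rather than adding to it, so caller-provided TLS settings for https are dropped at this layer. The removed `Keyword.merge(opts, adapter_opts)` had the same effect, so this is not a regression, but the new shape makes it simple to fix: if callers are expected to pass `tls_opts`, `Keyword.update(:tls_opts, [log_level: :warning], &Keyword.put(&1, :log_level, :warning))` preserves them. Otherwise a one-line comment noting that `tls_opts` here carries only adapter-level extras, with verification added when the connection is opened, would explain the asymmetry with `Pleroma.Gun.Conn`.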
@@ -93,17 +83,4 @@ defmodule Pleroma.HTTP.AdapterHelper.Gun do
         |> Keyword.put(:close_conn, false)
     end
   end
-
-  @spec format_host(String.t()) :: charlist()
-  def format_host(host) do
-    host_charlist = to_charlist(host)
-
-    case :inet.parse_address(host_charlist) do
-      {:error, :einval} ->
-        :idna.encode(host_charlist)
-
-      {:ok, _ip} ->
-        host_charlist
-    end
-  end
 end
index 777e5d4c8c7ba5ee2998bfded4d15aebddf4764b..0fc88f708da48ec138ad49b4f88bcdf9ee2552b3 100644 (file)
@@ -106,4 +106,17 @@ defmodule Pleroma.HTTP.Connection do
       {:ok, ip} -> ip
     end
   end
+
+  @spec format_host(String.t()) :: charlist()
+  def format_host(host) do
+    host_charlist = to_charlist(host)
+
+    case :inet.parse_address(host_charlist) do
+      {:error, :einval} ->
+        :idna.encode(host_charlist)
+
+      {:ok, _ip} ->
+        host_charlist
+    end
+  end
 end
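Review bot: `format_host/1` is public and is now the shared helper used for `check_hostname`, but it carries only a `@spec`; a `@doc` would help callers in other modules. Something like `@doc "Returns `host` as a charlist suitable for `check_hostname`: IP literals are returned unchanged, any other name is IDNA-encoded."` matches the two `case` branches visible here. Whether `:idna.encode/1` can raise on an invalid label is not visible in this hunk; if it can, the doc should say so, since the host comes from request URIs.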
index 66622b60539a7a4c0c4a45958910e8a008cc4f55..6af8be15d0cdacfc98df2b655c84b912fbaa56ce 100644 (file)
@@ -38,31 +38,23 @@ defmodule Pleroma.HTTP.AdapterHelper.GunTest do
 
       opts = Gun.options([receive_conn: false], uri)
       assert opts[:certificates_verification]
-      refute opts[:tls_opts] == []
-
-      assert opts[:tls_opts][:verify_fun] ==
-               {&:ssl_verify_hostname.verify_fun/3, [check_hostname: 'example.com']}
-
-      assert File.exists?(opts[:tls_opts][:cacertfile])
+      assert opts[:tls_opts][:log_level] == :warning
     end
 
     test "https ipv4 with default port" do
       uri = URI.parse("https://127.0.0.1")
 
       opts = Gun.options([receive_conn: false], uri)
-
-      assert opts[:tls_opts][:verify_fun] ==
-               {&:ssl_verify_hostname.verify_fun/3, [check_hostname: '127.0.0.1']}
+      assert opts[:certificates_verification]
+      assert opts[:tls_opts][:log_level] == :warning
     end
 
     test "https ipv6 with default port" do
       uri = URI.parse("https://[2a03:2880:f10c:83:face:b00c:0:25de]")
 
       opts = Gun.options([receive_conn: false], uri)
-
-      assert opts[:tls_opts][:verify_fun] ==
-               {&:ssl_verify_hostname.verify_fun/3,
-                [check_hostname: '2a03:2880:f10c:83:face:b00c:0:25de']}
+      assert opts[:certificates_verification]
+      assert opts[:tls_opts][:log_level] == :warning
     end
 
     test "https url with non standart port" do
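Review bot: The assertions that `verify_fun` carries the expected `check_hostname` and that `cacertfile` exists are removed here and in the ipv4/ipv6 tests without an equivalent being added elsewhere, so nothing left in the suite checks that peer verification is actually configured for https. Since `maybe_add_tls_opts/2` in `Pleroma.Gun.Conn` is private, an equivalent test would have to go through whatever public entry point builds the connection options there; that call is not visible in this diff. Keeping at least `assert File.exists?(...)` on the resulting `cacertfile` and the `check_hostname` values for the domain, ipv4 and ipv6 cases would preserve the coverage this commit drops.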
@@ -269,23 +261,4 @@ defmodule Pleroma.HTTP.AdapterHelper.GunTest do
              } = Connections.get_state(:gun_connections)
     end
   end
-
-  describe "format_host/1" do
-    test "with domain" do
-      assert Gun.format_host("example.com") == 'example.com'
-    end
-
-    test "with idna domain" do
-      assert Gun.format_host("ですexample.com") == 'xn--example-183fne.com'
-    end
-
-    test "with ipv4" do
-      assert Gun.format_host("127.0.0.1") == '127.0.0.1'
-    end
-
-    test "with ipv6" do
-      assert Gun.format_host("2a03:2880:f10c:83:face:b00c:0:25de") ==
-               '2a03:2880:f10c:83:face:b00c:0:25de'
-    end
-  end
 end
index 25a2bac1c0b6464d7d99bb10665d1df4d8c02e60..0f62eddd26db23537ed520db87e3680befb683e1 100644 (file)
@@ -113,4 +113,23 @@ defmodule Pleroma.HTTP.ConnectionTest do
       assert opts[:proxy] == {'example.com', 4321}
     end
   end
+
+  describe "format_host/1" do
+    test "with domain" do
+      assert Connection.format_host("example.com") == 'example.com'
+    end
+
+    test "with idna domain" do
+      assert Connection.format_host("ですexample.com") == 'xn--example-183fne.com'
+    end
+
+    test "with ipv4" do
+      assert Connection.format_host("127.0.0.1") == '127.0.0.1'
+    end
+
+    test "with ipv6" do
+      assert Connection.format_host("2a03:2880:f10c:83:face:b00c:0:25de") ==
+               '2a03:2880:f10c:83:face:b00c:0:25de'
+    end
+  end
 end