mirror of
https://github.com/philomena-dev/philomena.git
synced 2024-11-27 13:47:58 +01:00
Remove transport_opts workaround for SSL hosts due to upstream fix
The upstream fix is available in OTP 27.0.1+; see https://github.com/erlang/otp/issues/8588
parent
2e1808b00f
commit
967cbf7b24
1 changed files with 8 additions and 33 deletions
|
@ -84,7 +84,7 @@ defmodule PhilomenaProxy.Http do
|
||||||
body: body,
|
body: body,
|
||||||
headers: [{:user_agent, @user_agent} | headers],
|
headers: [{:user_agent, @user_agent} | headers],
|
||||||
max_redirects: 1,
|
max_redirects: 1,
|
||||||
connect_options: connect_options(url),
|
connect_options: connect_options(),
|
||||||
inet6: true,
|
inet6: true,
|
||||||
into: &stream_response_callback/2,
|
into: &stream_response_callback/2,
|
||||||
decode_body: false
|
decode_body: false
|
||||||
|
@ -93,39 +93,14 @@ defmodule PhilomenaProxy.Http do
|
||||||
|> Req.request()
|
|> Req.request()
|
||||||
end
|
end
|
||||||
|
|
||||||
defp connect_options(url) do
|
defp connect_options do
|
||||||
transport_opts =
|
|
||||||
case URI.parse(url) do
|
|
||||||
%{scheme: "https"} ->
|
|
||||||
# SSL defaults validate SHA-1 on root certificates but this is unnecessary because many
|
|
||||||
# many roots are still signed with SHA-1 and it isn't relevant for security. Relax to
|
|
||||||
# allow validation of SHA-1, even though this creates a less secure client.
|
|
||||||
# https://github.com/erlang/otp/issues/8601
|
|
||||||
[
|
|
||||||
transport_opts: [
|
|
||||||
customize_hostname_check: [
|
|
||||||
match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
|
|
||||||
],
|
|
||||||
signature_algs_cert: :ssl.signature_algs(:default, :"tlsv1.3") ++ [sha: :rsa]
|
|
||||||
]
|
|
||||||
]
|
|
||||||
|
|
||||||
_ ->
|
|
||||||
# Do not pass any options for non-HTTPS schemes. Finch will raise badarg if the above
|
|
||||||
# options are passed.
|
|
||||||
[]
|
|
||||||
end
|
|
||||||
|
|
||||||
proxy_opts =
|
|
||||||
case Application.get_env(:philomena, :proxy_host) do
|
case Application.get_env(:philomena, :proxy_host) do
|
||||||
nil ->
|
nil ->
|
||||||
[]
|
[]
|
||||||
|
|
||||||
url ->
|
proxy_url ->
|
||||||
[proxy: proxy_opts(URI.parse(url))]
|
[proxy: proxy_opts(URI.parse(proxy_url))]
|
||||||
end
|
end
|
||||||
|
|
||||||
transport_opts ++ proxy_opts
|
|
||||||
end
|
end
|
||||||
|
|
||||||
defp proxy_opts(%{host: host, port: port, scheme: "https"}),
|
defp proxy_opts(%{host: host, port: port, scheme: "https"}),
|
||||||
|
|
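Review bot: `connect_options/0` now leaves certificate signature algorithms and hostname matching at the HTTP client's defaults, but nothing visible in this one-file change records or enforces the OTP 27.0.1+ requirement that the commit message relies on. On an older runtime, HTTPS fetches to hosts whose chain contains a SHA-1-signed root would presumably fail validation again (a fail-closed outage, not a weakening), so the minimum OTP version should be pinned wherever the project declares its toolchain, if it is not already. I would also add a short comment above the function, for example `# TLS options use client defaults; SHA-1-signed roots validate only on OTP 27.0.1+ (erlang/otp#8588)`. The removed `customize_hostname_check` entry deserves a quick confirmation too, since wildcard certificate matching now depends on the client supplying that match function by default.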