Use custom CA correctly
burmajam committed Sep 10, 2024
1 parent de4491b commit 0cca918
Showing 2 changed files with 21 additions and 22 deletions.
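--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+# 1.9.2
+
+## Bug fix
+
+- use correctly custom CA if one is set
+
 # 1.9.1
 
 ## Enhancements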
37 changes: 15 additions & 22 deletions lib/graph_conn/supervisor.ex
@@ -40,47 +40,40 @@ defmodule GraphConn.Supervisor do
defp _conn_opts do
insecure? = Application.get_env(:graph_conn, :insecure) == true
proxy = Application.get_env(:graph_conn, :proxy, false)
ca_cert_file = Application.get_env(:graph_conn, :ca_cert)

if ca_cert_file = Application.get_env(:graph_conn, :ca_cert),
do: :public_key.cacerts_load(ca_cert_file)

Check warning on line 45 in lib/graph_conn/supervisor.ex

GitHub Actions / Full check for Elixir >= 1.15 (1.15, 24)

:public_key.cacerts_load/1 is undefined or private

Check warning on line 45 in lib/graph_conn/supervisor.ex

GitHub Actions / Full check for Elixir >= 1.15 (1.15, 24)

:public_key.cacerts_load/1 is undefined or private

case {insecure?, proxy} do
{true, false} ->
transport_opts =
[verify: :verify_none]
|> _inject_ca_cert_file(ca_cert_file)

transport_opts = [verify: :verify_none]
[conn_opts: [transport_opts: transport_opts]]

{true, proxy} ->
transport_opts =
[verify: :verify_none]
|> _inject_ca_cert_file(ca_cert_file)

transport_opts = [verify: :verify_none]
[conn_opts: [transport_opts: transport_opts, proxy: _proxy_opts(proxy)]]

{false, false} ->
transport_opts =
[verify: :verify_peer]
|> _inject_ca_cert_file(ca_cert_file)

[conn_opts: [transport_opts: transport_opts]]
[conn_opts: [transport_opts: _tls_transport_opts()]]

{false, proxy} ->
transport_opts =
[verify: :verify_peer]
|> _inject_ca_cert_file(ca_cert_file)

[conn_opts: [transport_opts: transport_opts, proxy: _proxy_opts(proxy)]]
[conn_opts: [transport_opts: _tls_transport_opts(), proxy: _proxy_opts(proxy)]]
end
end

defp _tls_transport_opts() do
[
verify: :verify_peer,
cacerts: :public_key.cacerts_get(),

Check warning on line 67 in lib/graph_conn/supervisor.ex

GitHub Actions / Full check for Elixir >= 1.15 (1.15, 24)

:public_key.cacerts_get/0 is undefined or private

Check warning on line 67 in lib/graph_conn/supervisor.ex

GitHub Actions / Full check for Elixir >= 1.15 (1.15, 24)

:public_key.cacerts_get/0 is undefined or private
reuse_sessions: false
]
end

defp _proxy_opts(config) do
address = Keyword.fetch!(config, :address)
port = Keyword.fetch!(config, :port) |> Tools.to_integer()
opts = Keyword.get(config, :opts, [])

{:http, address, port, opts}
end

defp _inject_ca_cert_file(opts, nil), do: opts
defp _inject_ca_cert_file(opts, file_path), do: [{:cacerts, file_path} | opts]
end
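Review bot: The return value of `:public_key.cacerts_load(ca_cert_file)` in `_conn_opts` is discarded, so an unreadable or malformed `:ca_cert` file goes unnoticed. `_tls_transport_opts/0` then calls `:public_key.cacerts_get()`, which loads the OS trust store when nothing has been loaded, so the peer would be verified against a wider CA set than the operator configured. Assert the result so a bad path fails at startup: `:ok = :public_key.cacerts_load(ca_cert_file)`. The load appears to replace the node-wide CA set seen by every other `cacerts_get/0` caller, and it also runs on the `:insecure` branches where it is unused; a short comment should say so. The CI annotations on this page report both functions as undefined for the (1.15, 24) job, so on that OTP release the `:verify_peer` branches would presumably raise at runtime unless the minimum OTP version is raised or the calls are guarded.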
