hackney
hackney copied to clipboard
benoitc
`insecure` option searched in `ssl_options`
Description
The insecure option is listed among the Others options according to the request/5 documentation and isn't part of to the ssl_options.
When no ssl_options is provided as a request option the whole Options argument is passed to ssl_opts/1 and works like described above.
However, when ssl_options is provided hackney uses a different approach and only the ssl_options is passed to ssl_opts/1 instead of the whole Options argument, thus it searches for the insecure option in the ssl_options.
Related code parts
ssl_opts(Host, Options) ->
case proplists:get_value(ssl_options, Options) of
undefined ->
ssl_opts_1(Host, Options);
[] ->
ssl_opts_1(Host, Options);
SSLOpts ->
merge_ssl_opts(Host, SSLOpts) % NOTE: Only `ssl_options` is passed
end.
ssl_opts_1(Host, Options) ->
Insecure = proplists:get_value(insecure, Options, false),
case Insecure of
true ->
[{verify, verify_none} | ssl_opts_2()];
false ->
hackney_ssl:check_hostname_opts(Host) ++ ssl_opts_2()
end.
merge_ssl_opts(Host, OverrideOpts) ->
VerifyHost = case proplists:get_value(server_name_indication, OverrideOpts, disable) of
disable -> Host;
SNI -> SNI
end,
DefaultOpts = ssl_opts_1(VerifyHost, OverrideOpts), % NOTE: `OverrideOpts` is only `ssl_options`, which shouldn't contain the `insecure` option
MergedOpts = orddict:merge(fun(_K, _V1, V) -> V end,
orddict:from_list(DefaultOpts),
orddict:from_list(OverrideOpts)),
%% If cacertfile was provided in override opts remove cacerts
case lists:keymember(cacertfile, 1, MergedOpts) of
true ->
lists:keydelete(cacerts, 1, MergedOpts);
false ->
MergedOpts
end.
