httpoison icon indicating copy to clipboard operation
httpoison copied to clipboard
verified publisher icon edgurgel

SSL options replace default options (instead of just being added to them)

Open bortzmeyer opened this issue 3 years ago • 2 comments

I wanted to add a :log_level option to the SSL module. Many examples are on the Web or in HTTPoison documentation but it seems to me they are all wrong: using :ssl in HTTPoison options replace the set of SSL options, creating a lot of problems. You have, as mentioned here to pass the entire set of options.

For instance:

HTTPoison.get("https://example.com/", [], [ ssl: [{:versions, [:'tlsv1.2']}] ])

Does not produce the expected result (it disables SSL validation, for instance). You have to be more verbose:

HTTPoison.get("https://example.com", [], [ ssl: [{:versions, [:'tlsv1.2']}, {:verify, :verify_peer}, {:cacertfile, :certifi.cacertfile()}]])

bortzmeyer avatar Apr 21 '22 15:04 bortzmeyer

You unintentionally answered some of my doubts, thank you 👍

Hentioe avatar Jun 09 '22 08:06 Hentioe

You unintentionally answered some of my doubts, thank you +1

It seems to it may be a security issue as well.

bortzmeyer avatar Jun 13 '22 14:06 bortzmeyer