
Default SSL Options don't work in OTP-26+

Open tsloughter opened this issue 1 year ago • 3 comments

See https://github.com/erleans/pgo/issues/77

Also, it'd be great if, like say Ruby's pg, we could maybe automatically enable ssl when needed.

tsloughter avatar Jun 06 '24 19:06 tsloughter

Hi!

gleam_pgo is using pgo under the hood, and I needed to have correct SSL defaults for the package. In the end, I ended up with a configuration like:

```erlang
default_ssl_options(Host, Ssl) ->
  case Ssl of
    false -> [];
    true -> [
      {verify, verify_peer},
      {cacerts, public_key:cacerts_get()},
      {server_name_indication, binary_to_list(Host)},
      {customize_hostname_check, [
        {match_fun, public_key:pkix_verify_hostname_match_fun(https)}
      ]}
    ]
  end.
```

Which solves the settings for SSL. Maybe this should be merged directly into the pgo package? I suppose pgo should also take care of merging the default settings with the user settings, or let the user override the default settings?

ghivert avatar Jul 07 '24 14:07 ghivert
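
One way to do the merge raised in the comment above, as an added example (not part of the thread and not pgo's or gleam_pgo's code): user options override the verifying defaults key by key, and a user-supplied `cacertfile` drops the default `cacerts`, which `ssl` would otherwise prefer over the file. The module name and the `ssl_options/3` and `merge/2` helpers are hypothetical.

```erlang
-module(ssl_defaults_example).
-export([ssl_options/3, merge/2]).

%% Hypothetical helper (assumption, not a pgo API).
%% Host is a binary, Ssl is a boolean, UserOpts is a list of ssl client
%% options supplied by the caller. Returns the list to hand to ssl:connect.
ssl_options(_Host, false, _UserOpts) ->
    [];
ssl_options(Host, true, UserOpts) ->
    Defaults = [
        {verify, verify_peer},
        {cacerts, public_key:cacerts_get()},
        {server_name_indication, binary_to_list(Host)},
        {customize_hostname_check, [
            {match_fun, public_key:pkix_verify_hostname_match_fun(https)}
        ]}
    ],
    merge(Defaults, UserOpts).

%% User options win over defaults with the same key. Defaults the user did
%% not mention are kept, so verification stays on unless it is explicitly
%% turned off by the caller.
merge(Defaults, UserOpts) ->
    UserKeys = [K || {K, _} <- UserOpts],
    %% A caller who pins a CA bundle with cacertfile expects only that
    %% bundle to be trusted. When both are present, cacerts overrides
    %% cacertfile, so the OS trust store default has to be dropped.
    Shadowed = case lists:member(cacertfile, UserKeys) of
        true -> [cacerts | UserKeys];
        false -> UserKeys
    end,
    Kept = [Opt || {K, _} = Opt <- Defaults, not lists:member(K, Shadowed)],
    UserOpts ++ Kept.
```

With constructed input, `ssl_defaults_example:merge([{verify, verify_peer}, {cacerts, []}], [{cacertfile, "/path/to/ca.pem"}])` returns `[{cacertfile, "/path/to/ca.pem"}, {verify, verify_peer}]`.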

That looks fab to me!

Though I must admit I'm not very familiar with configuring SSL in Erlang 😁

lpil avatar Jul 17 '24 11:07 lpil

I'm not sure @tsloughter wanted to push it in pgo. I'll let him confirm or deny here 🙂

ghivert avatar Jul 17 '24 16:07 ghivert