add verify tls_opts only when we open connection

for other requests tesla will add tls_opts
2020-03-10 15:54:11 +03:00 · 2020-03-10 15:54:11 +03:00 · f39e1b9eff
commit f39e1b9eff
parent 426f5ee48a
5 changed files with 66 additions and 60 deletions
--- a/lib/pleroma/gun/conn.ex
+++ b/lib/pleroma/gun/conn.ex
@ -45,6 +45,7 @@ defmodule Pleroma.Gun.Conn do
      |> Map.put_new(:retry, pool_opts[:retry] || 1)
      |> Map.put_new(:retry_timeout, pool_opts[:retry_timeout] || 1000)
      |> Map.put_new(:await_up_timeout, pool_opts[:await_up_timeout] || 5_000)
+      |> maybe_add_tls_opts(uri)

    key = "#{uri.scheme}:#{uri.host}:#{uri.port}"

@ -70,6 +71,29 @@ defmodule Pleroma.Gun.Conn do
    end
  end

+  defp maybe_add_tls_opts(opts, %URI{scheme: "http"}), do: opts
+
+  defp maybe_add_tls_opts(opts, %URI{scheme: "https", host: host}) do
+    tls_opts = [
+      verify: :verify_peer,
+      cacertfile: CAStore.file_path(),
+      depth: 20,
+      reuse_sessions: false,
+      verify_fun:
+        {&:ssl_verify_hostname.verify_fun/3,
+         [check_hostname: Pleroma.HTTP.Connection.format_host(host)]}
+    ]
+
+    tls_opts =
+      if Keyword.keyword?(opts[:tls_opts]) do
+        Keyword.merge(tls_opts, opts[:tls_opts])
+      else
+        tls_opts
+      end
+
+    Map.put(opts, :tls_opts, tls_opts)
+  end
+
  defp do_open(uri, %{proxy: {proxy_host, proxy_port}} = opts) do
    connect_opts =
      uri
--- a/lib/pleroma/http/adapter_helper/gun.ex
+++ b/lib/pleroma/http/adapter_helper/gun.ex
@ -45,21 +45,11 @@ defmodule Pleroma.HTTP.AdapterHelper.Gun do

  defp add_scheme_opts(opts, %URI{scheme: "http"}), do: opts

-  defp add_scheme_opts(opts, %URI{scheme: "https", host: host}) do
-    adapter_opts = [
-      certificates_verification: true,
-      transport: :tls,
-      tls_opts: [
-        verify: :verify_peer,
-        cacertfile: CAStore.file_path(),
-        depth: 20,
-        reuse_sessions: false,
-        verify_fun: {&:ssl_verify_hostname.verify_fun/3, [check_hostname: format_host(host)]},
-        log_level: :warning
-      ]
-    ]
-
-    Keyword.merge(opts, adapter_opts)
+  defp add_scheme_opts(opts, %URI{scheme: "https"}) do
+    opts
+    |> Keyword.put(:certificates_verification, true)
+    |> Keyword.put(:transport, :tls)
+    |> Keyword.put(:tls_opts, log_level: :warning)
  end

  defp maybe_get_conn(adapter_opts, uri, connection_opts) do
@ -93,17 +83,4 @@ defmodule Pleroma.HTTP.AdapterHelper.Gun do
        |> Keyword.put(:close_conn, false)
    end
  end
-
-  @spec format_host(String.t()) :: charlist()
-  def format_host(host) do
-    host_charlist = to_charlist(host)
-
-    case :inet.parse_address(host_charlist) do
-      {:error, :einval} ->
-        :idna.encode(host_charlist)
-
-      {:ok, _ip} ->
-        host_charlist
-    end
-  end
 end
--- a/lib/pleroma/http/connection.ex
+++ b/lib/pleroma/http/connection.ex
@ -106,4 +106,17 @@ defmodule Pleroma.HTTP.Connection do
      {:ok, ip} -> ip
    end
  end
+
+  @spec format_host(String.t()) :: charlist()
+  def format_host(host) do
+    host_charlist = to_charlist(host)
+
+    case :inet.parse_address(host_charlist) do
+      {:error, :einval} ->
+        :idna.encode(host_charlist)
+
+      {:ok, _ip} ->
+        host_charlist
+    end
+  end
 end