
Commit 422f436

tomekowalclaude
andcommitted
fix: use ssl_opts/2 in hackney_conn for proper cacertfile handling
hackney_conn called check_hostname_opts/1 directly, which always sets {cacerts, certifi:cacerts()}, causing Erlang SSL to ignore the user-provided cacertfile option.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent a33e878 commit 422f436

1 file changed

Lines changed: 6 additions & 6 deletions


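--- a/src/hackney_conn.erl
+++ b/src/hackney_conn.erl
@@ -761,10 +761,9 @@ connected({call, From}, {upgrade_to_ssl, _SslOpts}, #conn_data{transport = hackn
 {keep_state_and_data, [{reply, From, ok}]};
 connected({call, From}, {upgrade_to_ssl, SslOpts}, #conn_data{socket = Socket, host = Host, connect_options = ConnectOpts} = Data) ->
 %% Upgrade TCP socket to SSL (e.g., after CONNECT proxy tunnel)
-%% Get default SSL options with hostname verification
-DefaultSslOpts = hackney_ssl:check_hostname_opts(Host),
-%% Merge user-provided SSL options (they override defaults)
-MergedSslOpts = hackney_util:merge_opts(DefaultSslOpts, SslOpts),
+%% Use ssl_opts/2 to properly merge defaults with user options
+%% (handles cacertfile vs cacerts correctly)
+MergedSslOpts = hackney_ssl:ssl_opts(Host, [{ssl_options, SslOpts}]),
 %% Add ALPN options for HTTP/2 negotiation
 %% Check both SslOpts (from upgrade call) and ConnectOpts (from initial config)
 AlpnOpts = case hackney_ssl:alpn_opts(SslOpts) of
@@ -2271,8 +2270,9 @@ do_tcp_connect(From, Data) ->
 TransportOpts = proplists:delete(protocols, ConnectOpts),
 Opts = case Transport of
 hackney_ssl ->
-DefaultSslOpts = hackney_ssl:check_hostname_opts(Host),
-MergedSslOpts = hackney_util:merge_opts(DefaultSslOpts, SslOpts0),
+%% Use ssl_opts/2 to properly merge defaults with user options
+%% (handles cacertfile vs cacerts correctly)
+MergedSslOpts = hackney_ssl:ssl_opts(Host, [{ssl_options, SslOpts0}]),
 AlpnOpts = hackney_ssl:alpn_opts(ConnectOpts),
 FinalSslOpts = hackney_util:merge_opts(MergedSslOpts, AlpnOpts),
 TransportOpts ++ [{ssl_options, FinalSslOpts}];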
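Review bot: Whether peer and hostname verification stay on when the caller passes its own options now rests entirely on `hackney_ssl:ssl_opts/2`, which this diff does not show; this applies to the `upgrade_to_ssl` clause of `connected/3` and to the `hackney_ssl` branch in `do_tcp_connect/2`. The removed lines always merged user options over `check_hostname_opts(Host)`, so those defaults survived unless explicitly overridden; please confirm `ssl_opts/2` keeps them when `ssl_options` holds only `cacertfile`, and check what it returns when `SslOpts` or `SslOpts0` is `[]`. No test file is part of the commit, so a regression test should pass `{cacertfile, Path}` and assert that the merged list carries no `cacerts` entry and still contains `{verify, verify_peer}`. Once confirmed, the duplicated comment could state the invariant rather than "correctly", e.g. `%% ssl_opts/2 drops the bundled cacerts when the caller passes cacertfile; verify_peer and hostname checks stay on`. Both function bodies continue outside the hunks.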
