Open
Description
After updating Elixir and OTP to the latest versions I got some errors with HTTPS requests to the IT infrastructure of cloud providers.
The verify options seem to be fully ignored at the moment. Similar behaviour in the hackney project:
benoitc/hackney#766
This causes some certificates of cloud providers' IT infrastructure to be completely rejected, even if SNI is disabled.
```elixir
{:error,
 %HTTPoison.Error{
   reason: {:tls_alert,
    {:handshake_failure,
     ~c"TLS client: In state certify at ssl_handshake.erl:2160 generated CLIENT ALERT: Fatal - Handshake Failure\n {bad_cert,unable_to_match_altnames}"}},
   id: nil
 }}
```

```elixir
es_ssl_options = [
  {:verify, :verify_none},
  {:cacertfile, Path.join(priv_cert_dir, es_cert_path)},
  {:customize_hostname_check, [
    match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
  ]},
  {:server_name_indication, :disable}
]
```

It works by using the Erlang built-in ssl library:

```elixir
{:ok, socket} = :ssl.connect('es.my.domain', 9200, [
  :binary,
  {:verify, :verify_none},
  {:server_name_indication, :disable},
  {:customize_hostname_check, [match_fun: fn _, _ -> true end]}
], 5000)
```

The only way I got it running again was by forcing a downgrade of hackney and httpoison:

```elixir
{:hackney, "~> 1.21.0", override: true},
{:httpoison, "2.2.0"},
```
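Added example, not part of the issue and not code from hackney or HTTPoison: one way to see, with OTP's `:ssl` directly and chain verification left on, which DNS names the server certificate actually matches when a handshake fails with `unable_to_match_altnames`. The module name, function names and the CA path in the usage comment are assumptions.

```elixir
defmodule TlsNameProbe do
  # Added example (hypothetical module). Validates the server's chain against
  # the given CA file, then reports which candidate DNS names the leaf
  # certificate matches under the :https hostname rules.

  def probe(host, port, cacertfile, candidate_names) do
    {:ok, _} = Application.ensure_all_started(:ssl)

    opts = [
      :binary,
      active: false,
      # The chain must validate against the supplied CA bundle.
      verify: :verify_peer,
      cacertfile: String.to_charlist(cacertfile),
      # Per the OTP ssl documentation, :disable also skips the hostname
      # check, so the handshake only verifies the chain here.
      server_name_indication: :disable
    ]

    case :ssl.connect(String.to_charlist(host), port, opts, 5_000) do
      {:ok, socket} ->
        {:ok, der} = :ssl.peercert(socket)
        :ssl.close(socket)
        {:ok, Enum.filter(candidate_names, &name_matches?(der, &1))}

      {:error, {:tls_alert, {alert, detail}}} ->
        # Same error shape as the HTTPoison error quoted in the issue.
        {:error, {alert, to_string(detail)}}

      {:error, reason} ->
        {:error, reason}
    end
  end

  # Runs the hostname check on its own, with the match fun used in the issue.
  def name_matches?(der_cert, name) do
    :public_key.pkix_verify_hostname(
      der_cert,
      [dns_id: String.to_charlist(name)],
      match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
    )
  end
end

# Usage (host from the issue; CA path and second name are placeholders):
# TlsNameProbe.probe("es.my.domain", 9200, "priv/certs/ca.pem", ["es.my.domain", "localhost"])
```

An empty list in the `{:ok, names}` result means the chain is trusted but none of the candidate names appear in the certificate, which separates a certificate naming problem from options being dropped by the HTTP client.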