From 31c9a714a5baa02dcdec2221fc6004efd62571d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 8 Jun 2024 10:40:23 +0200 Subject: [PATCH 1/2] Default to using Erlang certificates store The OTP team no longer supports Erlang versions earlier than 25+, so we can assuming that `:public_key.cacerts_get/0` is available and only fallback to `CAStore` if not. This also solves a bug in that Req/Finch/Mint do not work inside escripts by default (because inside an escript you cannot access the priv dir of an application). --- README.md | 5 ++--- lib/mint/core/transport/ssl.ex | 9 +++++++-- mix.exs | 1 + 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 3ab8ee65..7f59482d 100644 --- a/README.md +++ b/README.md @@ -9,12 +9,11 @@ ## Installation -To install Mint, add it to your `mix.exs` file. Unless you're using your own SSL certificate store, also add the [CAStore][castore] library to your dependencies. +To install Mint, add it to your `mix.exs` file: ```elixir defp deps do [ - {:castore, "~> 1.0"}, {:mint, "~> 1.0"} ] end @@ -83,7 +82,7 @@ For more information, see [the documentation][documentation]. ### SSL certificates -When using SSL, you can pass in your own CA certificate store or use one provided by Mint. Mint doesn't ship with the certificate store itself, but it has an optional dependency on [CAStore][castore], which provides an up-to-date certificate store. If you don't want to use your own certificate store, just add `:castore` to your dependencies. +When using SSL, you can pass in your own CA certificate store. If one is not provided, Mint will use the one in your system, as long as you are using Erlang/OTP 25+. If none of these conditions are true, just add `:castore` to your dependencies. ```elixir defp deps do diff --git a/lib/mint/core/transport/ssl.ex b/lib/mint/core/transport/ssl.ex index ed921908..e33799b2 100644 --- a/lib/mint/core/transport/ssl.ex +++ b/lib/mint/core/transport/ssl.ex 
@@ -572,8 +572,13 @@ defmodule Mint.Core.Transport.SSL do
 if Keyword.has_key?(opts, :cacertfile) or Keyword.has_key?(opts, :cacerts) do
 opts
 else
- raise_on_missing_castore!()
- Keyword.put(opts, :cacertfile, CAStore.file_path())
+ try do
+ Keyword.put(opts, :cacerts, :public_key.cacerts_get())
+ rescue
+ _ ->
+ raise_on_missing_castore!()
+ Keyword.put(opts, :cacertfile, CAStore.file_path())
+ end
 end
 end
diff --git a/mix.exs b/mix.exs
index 957c8f4a..1a38b094 100644
--- a/mix.exs
+++ b/mix.exs
@@ -18,6 +18,7 @@ defmodule Mint.MixProject do
 exclude: [
 :persistent_term,
 {:ssl, :cipher_suites, 1},
+ {:public_key, :cacerts_get, 0},
 CAStore
 ]
 ],
From eeb0c17dfbb5c461ce3bb6ae4669a1823da84362 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?=
Date: Sat, 8 Jun 2024 11:02:25 +0200
Subject: [PATCH 2/2] Dialyzer
---
 .dialyzer_ignore.exs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.dialyzer_ignore.exs b/.dialyzer_ignore.exs
index e7f884f1..b4647b42 100644
--- a/.dialyzer_ignore.exs
+++ b/.dialyzer_ignore.exs
@@ -2,5 +2,6 @@
 {"lib/mint/tunnel_proxy.ex", :call_with_opaque, 49},
 {"lib/mint/http1.ex", :improper_list_constr},
 ~r{test/support},
- ~r{Function ExUnit.Assertion.* does not exist}
+ ~r{Function ExUnit.Assertion.* does not exist},
+ ~r{Call to missing or private function :public_key.cacerts_get/0}
 ]
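Review bot: In the `lib/mint/core/transport/ssl.ex` hunk, the bare `rescue _ ->` around `:public_key.cacerts_get()` treats every failure alike, so a missing function on an older OTP and (as far as I know, since `cacerts_get/0` errors when the OS store cannot be loaded) an unreadable system store both silently switch the trust anchors to CAStore, and the original reason is lost if `raise_on_missing_castore!()` then raises. I would narrow the clause to the expected exceptions, `rescue _ in [UndefinedFunctionError, ErlangError] ->`, and state the intent in a comment such as `# OS trust store first; CAStore only if cacerts_get/0 is unavailable or the store fails to load`. The OS store now also takes precedence even when `:castore` is installed, so the set of trusted roots changes on upgrade for existing users and follows whatever CAs the host has installed; that deserves a line in the changelog and the option docs. The enclosing function starts above the hunk, so its name and callers are not visible here.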