SSL certificate issue

[MonsieurV]

Not 100% sure this comes from the library, but I have this warning:

12:30:20.580 [warning] Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'

And after letting the VM running, this error:

10:32:37.311 [error] GenServer {Goth.Registry, GSS.Goth} terminating
** (RuntimeError) too many failed attempts to refresh, last error: %RuntimeError{message: "{:tls_alert, {:unknown_ca, 'TLS client: In state wait_cert_cr at ssl_handshake.erl:2032 generated CLIENT ALERT: Fatal - Unknown CA\\n'}}"}
    (goth 1.3.0-rc.3) lib/goth/server.ex:80: Goth.Server.handle_info/2
    (stdlib 3.17) gen_server.erl:695: :gen_server.try_dispatch/4
    (stdlib 3.17) gen_server.erl:771: :gen_server.handle_msg/6
    (stdlib 3.17) proc_lib.erl:226: :proc_lib.init_p_do_apply/3
Last message: :refresh
State: %Goth.Server{http_client: {Goth.HTTPClient.Hackney, %Goth.HTTPClient.Hackney{default_opts: []}}, name: GSS.Goth, refresh_before: 300, retries: 1, retry_after: 1000, source: {:service_account, %{"auth_provider_x509_cert_url" => "https://www.googleapis.com/oauth2/v1/certs", "auth_uri" => "https://accounts.google.com/o/oauth2/auth", "client_email" => "<blabla>.iam.gserviceaccount.com", "client_id" => "id", "client_x509_cert_url" => "https://www.googleapis.com/robot/v1/metadata/x509/<path>", "private_key" => "-----BEGIN PRIVATE <priavte>\n-----END PRIVATE KEY-----\n", "private_key_id" => "<id>", "project_id" => "<project-id>", "token_uri" => "https://oauth2.googleapis.com/token", "type" => "service_account"}, [scopes: ["https://www.googleapis.com/auth/spreadsheets"]]}}

Is this normal?

It seems to me that with have the latest HTTP clients, so we should not get such cert issues, but I certainly miss something.

[MonsieurV]

After a better read, this seems of course coming from Goth (contacting Google auth servers)

https://github.com/peburrows/goth/blob/master/lib/goth/server.ex#L80