search

edgurgel / httpoison

Yet Another HTTP client for Elixir powered by hackney
https://hex.pm/packages/httpoison
MIT License
2.23k stars 341 forks source link

Updates the `ssl` option to add settings rather than replace them #466

Closed ShahneRodgers closed 2 years ago

ShahneRodgers commented 2 years ago

As per issue #458, passing the ssl option completely overrides all settings, rather than just overwriting the "sub"-setting that was specified. Eg ssl: [{:verions, [:'tlsv1.2']}] disabled all TLS settings rather than just requiring TLSv1.2.

This commit changes HTTPoison's behaviour to merge the ssl settings with my best-guess at what the defaults are. Since it may be a breaking change, it also adds a new ssl_override option that can be used by anyone wishing to maintain the existing behaviour.

This resolves #458.

ShahneRodgers commented 2 years ago

This is great! Thanks! 🎉

I wonder how hard it would be to run badssl.com locally 🤔

It should be pretty simple - the only question is whether to use the genuine Chromium version that seems to require building from scratch 😞 (and thus keeping copies of everything) , or one of the random copies that may or may not be/continue to be legitimate / present.

edgurgel commented 2 years ago

LGTM! Do you want to autosquash those fixups? :bowtie: