Open zmstone opened 1 week ago
A further enhancement is probably not to turn `system_defaults` into `public_key:cacerts_get()`, but use it as an indication to search for certs in certificate store which is periodically refreshed thus to ensure certificate renewal is smooth.
When one wants to use system default trusted certs to verify peer, there seem to be only two options:

1. `cacertfile` option
2. `{cacerts, public_key:cacerts_get()}`

I'd like to have option 2 simplified as `{cacerts, system_defaults}` or similar so OTP's `ssl` lib can call `public_key:cacerts_get()` for me.

This is necessary because `public_key:cacerts_get()` is often a quite bloated term. And SSL options are usually passed around and stored in various process states. When process crashes or when exceptions with SSL options in the context are caught and dumped to logs, the options are printed to the logs which in turn bloats the logs quite a lot.
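A caller-side way to keep the expanded trust store out of process state and crash logs today, as an added example that is not part of the original issue or of OTP. The module name `tls_opts` and its functions are hypothetical, and `system_defaults` is the marker proposed in the issue, which `ssl` itself does not accept.

```erlang
%% Added example: hypothetical wrapper module, not OTP code.
-module(tls_opts).
-export([connect/4, expand/1]).

%% Stored form, kept in process state and configuration. It stays small,
%% so a crash report or caught exception that prints it does not dump
%% the whole trust store:
%%   [{verify, verify_peer}, {cacerts, system_defaults}]

%% Expand the marker only at the call site and never store the result.
connect(Host, Port, StoredOpts, Timeout) ->
    ssl:connect(Host, Port, expand(StoredOpts), Timeout).

%% Replace the proposed marker with the OS trust store; every other
%% option is passed through unchanged.
expand(Opts) ->
    lists:map(fun expand_opt/1, Opts).

expand_opt({cacerts, system_defaults}) ->
    %% public_key:cacerts_get/0 (OTP 25 and later) returns the loaded
    %% OS CA certificates and raises an error if none can be loaded.
    {cacerts, public_key:cacerts_get()};
expand_opt(Other) ->
    Other.
```

The expanded list still exists for the duration of the `ssl:connect/4` call, so an exception raised inside that call can still carry it; only the stored copy stays compact.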