search

sasa1977 / site_encrypt

Integrated certification via Let's encrypt for Elixir-powered sites
MIT License
471 stars 34 forks source link

SSL suggested test failing on Erlang 26 #56

Closed alexdesousa closed 9 months ago

alexdesousa commented 10 months ago

Description

I was adding this library to my project to configure SSL. I never have run into problems with it before, until yesterday when I added the suggested test:

defmodule PhoenixDemo.Endpoint.CertificationTest do
  use ExUnit.Case, async: false
  import SiteEncrypt.Phoenix.Test

  test "certification" do
    clean_restart(PhoenixDemo.Endpoint)
    cert = get_cert(PhoenixDemo.Endpoint)
    assert cert.domains == ~w/mysite.com www.mysite.com/
  end
end

And I got the following error:

  1) test certification (MyAppWeb.Endpoint.CertificationTest)
     test/my_app_web/endpoint/certification_test.exs:5
     ** (MatchError) no match of right hand side value: {:error, {:options, :incompatible, [verify: :verify_peer, cacerts: :undefined]}}
     code: cert = get_cert(MyAppWeb.Endpoint)
     stacktrace:
       (site_encrypt 0.5.0) lib/site_encrypt/phoenix/test.ex:61: SiteEncrypt.Phoenix.Test.get_cert/1
       test/my_app_web/endpoint/certification_test.exs:7: (test)

Workaround

At first I thought I've configured something incorrectly, but then I realized it was because the new safer SSL defaults in Erlang 26. When I switch my language versions from:

erlang 26.1.2
elixir 1.16.0-otp-26

to

erlang 25.3.2.8
elixir 1.16.0-otp-25

The issue was resolved, but there was a warning in the logs confirming the issue:

20:11:12.958 [warning] Description: ~c"Server authenticity is not verified since certificate path validation is not enabled"
     Reason: ~c"The option {verify, verify_peer} and one of the options 'cacertfile' or 'cacerts' are required to enable this."

Potential Solution

I now see @NoBrainSkull opened #55 with a fix for the test. I'm opening this issue in order to help others with the same issue find the root problem :smile:

P.S: Thank you for this amazing and time saver project! :heart:

sasa1977 commented 10 months ago

Thanks for the report. I've merged #55. Does that fix the problem?

alexdesousa commented 9 months ago

@sasa1977 Yep, I just tested it and it works :rocket: Thanks for merging that! :smile: