Open wojtekmach opened 2 years ago
Is Finch setting its own SSL options? If not, it would be preferable to do this in Mint.
Finch is not setting SSL options. I thought that by dropping the castore dependency in Finch we'd have to gracefully handle it in Finch. But I just noticed that if Mint SSL transport is not given cacerts/cacertfile options and CAStore is not available, it raises a good error message. So yeah, I think Mint it is. Thanks!
Finch would need to remove or make the castore dependency optional though so some minor changes are needed here as well.
The OTP team is working on exciting new capability and that's using the system provided certs store: https://github.com/erlang/otp/pull/5853. When that ships, I believe Finch would no longer have to depend on the
castore
package and instead make it opt-in.Perhaps it would make sense to have something like this in Finch:
We'd still need logic like: if either
cacerts
orcacertfile
is passed to Finch, that takes the precedence. Perhaps some of this logic would make sense in Mint instead.cc @ericmj