sneako / finch

Elixir HTTP client, focused on performance
MIT License

Use built-in cacerts #178

Open wojtekmach opened 2 years ago

wojtekmach commented 2 years ago

The OTP team is working on exciting new capability and that's using the system provided certs store: https://github.com/erlang/otp/pull/5853. When that ships, I believe Finch would no longer have to depend on the castore package and instead make it opt-in.

Perhaps it would make sense to have something like this in Finch:

default_ssl_opts =
  cond do
    # OTP with the system trust store: both checks are needed, since
    # function_exported?/3 only sees modules that are already loaded
    Code.ensure_loaded?(:public_key) and function_exported?(:public_key, :cacerts_get, 0) ->
      [cacerts: :public_key.cacerts_get()]

    # Fall back to the bundled Mozilla store if castore is in the deps
    Code.ensure_loaded?(CAStore) ->
      [cacertfile: CAStore.file_path()]

    true ->
      raise "some good error message"
  end

We'd still need logic like: if either cacerts or cacertfile is passed to Finch, that takes the precedence. Perhaps some of this logic would make sense in Mint instead.

cc @ericmj
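The comment above sketches the lookup order but leaves the precedence rule (caller-supplied `cacerts`/`cacertfile` win) as prose. The module below is an added example, not Finch's or Mint's own code, showing one way to implement the whole decision as a single function. The module name `TrustStoreExample`, the `resolve_ssl_opts/1` and `default_ca_opts/0` names and the `verify: :verify_peer` default are assumptions for illustration. It also handles a failure mode the sketch does not: `:public_key.cacerts_get/0` fails when no OS trust store can be found (for instance in a minimal container image without `ca-certificates`), so the example treats that as "no system store" and falls through to CAStore rather than crashing on connect.

```elixir
# Added example (not Finch's or Mint's code): pick a CA trust source for :ssl
# options, honouring caller-supplied options first, then the OTP system store,
# then CAStore, and otherwise raising with an actionable message.
defmodule TrustStoreExample do
  @doc """
  Returns `ssl_opts` completed with a CA trust source when the caller did not
  supply one. Caller-provided `:cacerts` or `:cacertfile` always take
  precedence, as do any other keys the caller passes (e.g. `:verify`).
  """
  def resolve_ssl_opts(ssl_opts) when is_list(ssl_opts) do
    caller_has_ca_source? =
      Keyword.has_key?(ssl_opts, :cacerts) or Keyword.has_key?(ssl_opts, :cacertfile)

    # Always verify the peer; without a trust store verification is meaningless.
    defaults =
      if caller_has_ca_source? do
        [verify: :verify_peer]
      else
        [verify: :verify_peer] ++ default_ca_opts()
      end

    # Keyword.merge/2 keeps the right-hand side on conflicts, so caller keys win.
    Keyword.merge(defaults, ssl_opts)
  end

  @doc """
  Chooses the default CA source: system store (OTP 25+), then CAStore.
  Raises if neither is available, so the failure is loud at configuration
  time rather than a confusing TLS handshake error later.
  """
  def default_ca_opts do
    case system_cacerts() do
      {:ok, cacerts} ->
        [cacerts: cacerts]

      :error ->
        if Code.ensure_loaded?(CAStore) do
          [cacertfile: CAStore.file_path()]
        else
          raise ArgumentError, """
          no CA trust store available. Either run on OTP 25+ with an OS trust
          store installed, add {:castore, "~> 1.0"} to your dependencies, or
          pass :cacerts or :cacertfile explicitly in the SSL options.
          """
        end
    end
  end

  # Both checks are needed: function_exported?/3 only reports functions of
  # modules that are already loaded. cacerts_get/0 raises when no OS store
  # could be loaded, which we map to :error so the caller can fall back.
  defp system_cacerts do
    if Code.ensure_loaded?(:public_key) and function_exported?(:public_key, :cacerts_get, 0) do
      try do
        {:ok, :public_key.cacerts_get()}
      rescue
        _ -> :error
      end
    else
      :error
    end
  end
end

# Usage: the first call fills in a trust source, the second leaves the
# caller's cacertfile alone but still adds verify: :verify_peer.
TrustStoreExample.resolve_ssl_opts([])
TrustStoreExample.resolve_ssl_opts(cacertfile: "/etc/ssl/certs/ca-certificates.crt")
```

Whether this lives in Finch or in Mint is the question the thread goes on to settle; the shape is the same either way, and the point to keep is that the library should never silently downgrade to `verify: :verify_none` when no store is found.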

ericmj commented 2 years ago

Is Finch setting its own SSL options? If not, it would be preferable to do this in Mint.

wojtekmach commented 2 years ago

Finch is not setting SSL options. I thought that by dropping the castore dependency in Finch we'd have to gracefully handle it in Finch. But I just noticed that if Mint SSL transport is not given cacerts/cacertfile options and CAStore is not available, it raises a good error message. So yeah, I think Mint it is. Thanks!

ericmj commented 2 years ago

Finch would need to remove or make the castore dependency optional though so some minor changes are needed here as well.