http: fix TLS server name indication

by default, hackney only sent TLS server name indication if TLS was locked
to TLS 1.2.

since there are many instances out there not speaking TLS 1.2, it is not
acceptable to lock SNI to TLS 1.2.

closes #261
William Pitcock 2018-08-24 20:01:13 +00:00
parent be7a6db1f5
commit 290798b821


@ -1,5 +1,23 @@
defmodule Pleroma.HTTP do defmodule Pleroma.HTTP do
use HTTPoison.Base require HTTPoison
def request(method, url, body \\ "", headers \\ [], options \\ []) do
options =
process_request_options(options)
|> process_sni_options(url)
HTTPoison.request(method, url, body, headers, options)
end
defp process_sni_options(options, url) do
uri = URI.parse(url)
host = uri.host |> to_charlist()
case uri.scheme do
"https" -> options ++ [ssl: [server_name_indication: host]]
_ -> options
end
end
def process_request_options(options) do def process_request_options(options) do
config = Application.get_env(:pleroma, :http, []) config = Application.get_env(:pleroma, :http, [])
@ -10,4 +28,9 @@ defmodule Pleroma.HTTP do
_ -> options ++ [proxy: proxy] _ -> options ++ [proxy: proxy]
end end
end end
def get(url, headers \\ [], options \\ []), do: request(:get, url, "", headers, options)
def post(url, body, headers \\ [], options \\ []),
do: request(:post, url, body, headers, options)
end end
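Review bot: In `process_sni_options/2`, the `"https"` branch passes a bare `ssl: [server_name_indication: host]` list, and with the hackney releases I am aware of an explicit SSL option list replaces hackney's defaults, which is where peer certificate verification is configured. If that holds for the pinned hackney/HTTPoison versions, every HTTPS request made through `Pleroma.HTTP.request/5` would get SNI but no certificate or hostname check, so this should be confirmed before merging. If it does, the list needs to carry the verification settings as well, for example `verify: :verify_peer` plus a CA bundle next to `server_name_indication: host`. Separately, `options ++ [ssl: ...]` adds a second `:ssl` key when the caller already supplied one, and a first-match keyword lookup would then never see the SNI entry; merging avoids that, e.g. `Keyword.update(options, :ssl, [server_name_indication: host], &Keyword.put_new(&1, :server_name_indication, host))`.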