SSL errors logged during HTTPoison - how to suppress?

I’ve noticed a few weird log messages and I’ve tracked them down to HTTPoison, specifically to its ssl_verify_fun dependency. It comes up with certain flavors of bad SSL certs.

iex(1)> HTTPoison.get("https://www.oneguysopinion.com/Review.php?ID=1169")

00:44:35.072 [info]  TLS :client: In state :wait_cert_cr at ssl_handshake.erl:1933 generated CLIENT ALERT: Fatal - Certificate Expired

{:error,
 %HTTPoison.Error{
   id: nil,
   reason: {:tls_alert,
    {:certificate_expired,
     'TLS client: In state wait_cert_cr at ssl_handshake.erl:1933 generated CLIENT ALERT: Fatal - Certificate Expired\n'}}
 }}

If I have :mfa enabled as one of the logger metadata fields, I see a blurb about the handshake.

mfa=:ssl_handshake.path_validation_alert/1 

My question is: is there a way to suppress the info message? It is redundant because HTTPoison returns the information as part of its error tuple. I’d like to handle the logging in a way that’s more appropriate for my app rather than having this message squeak out.

Thanks for any ideas.

You can set the ssl application’s log level using the :log_level option, for example log_level: :none.

However… if you were to just pass this option to HTTPoison like this…

HTTPoison.get("https://www.oneguysopinion.com/Review.php?ID=1169", [], ssl: [log_level: :none])

…you’ll find that the connection to this particular host suddenly succeeds, despite the expired certificate. This is because the ssl options overwrite Hackney’s server certificate verification options. The proper way to do this (with a recent Hackney version) would be:

ssl_opts =
  "www.oneguysopinion.com"
  |> to_charlist()
  |> :hackney_ssl.check_hostname_opts()
  |> Keyword.put(:log_level, :none)
HTTPoison.get("https://www.oneguysopinion.com/Review.php?ID=1169", [], ssl: ssl_opts)
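The approach in the answer above, generalized to any HTTPS URL, as an added example that is not code from the thread or from the HTTPoison or Hackney projects. The module name `VerifiedTLS` and its functions are hypothetical; it assumes `:httpoison` and a recent `:hackney` are already project dependencies, and it refuses extra ssl options that would replace the certificate verification settings.

```elixir
defmodule VerifiedTLS do
  # Hypothetical helper (assumption: not part of HTTPoison or Hackney).
  # Requires :httpoison and a Hackney version that provides
  # :hackney_ssl.check_hostname_opts/1, as used in the answer above.

  # ssl options that decide whether and how the server certificate is checked.
  # Callers may add options such as :log_level, but may not override these.
  @verification_keys [
    :verify, :verify_fun, :cacerts, :cacertfile, :depth,
    :partial_chain, :customize_hostname_check, :server_name_indication
  ]

  @doc """
  Returns {:ok, opts} with Hackney's verification defaults for the URL's host
  merged with `extra`, or {:error, reason} if the URL is not HTTPS or `extra`
  would replace a verification option.
  """
  def ssl_opts(url, extra \\ [log_level: :none]) do
    with %URI{scheme: "https", host: host} when is_binary(host) and host != "" <-
           URI.parse(url),
         [] <- Enum.filter(Keyword.keys(extra), &(&1 in @verification_keys)) do
      # Start from the verification options Hackney would have used itself,
      # because passing ssl: [...] replaces them instead of adding to them.
      base = :hackney_ssl.check_hostname_opts(to_charlist(host))
      {:ok, Keyword.merge(base, extra)}
    else
      %URI{} -> {:error, :not_an_https_url}
      blocked when is_list(blocked) -> {:error, {:would_override_verification, blocked}}
    end
  end

  @doc "HTTPoison.get/3 with verification kept on and the ssl log line silenced."
  def get(url, headers \\ [], extra_ssl \\ [log_level: :none]) do
    with {:ok, opts} <- ssl_opts(url, extra_ssl) do
      HTTPoison.get(url, headers, ssl: opts)
    end
  end
end

# Usage (needs network access):
#   VerifiedTLS.get("https://www.oneguysopinion.com/Review.php?ID=1169")
# A host with an expired certificate should still come back as
# {:error, %HTTPoison.Error{reason: {:tls_alert, ...}}}, only without the [info] line.
#
#   VerifiedTLS.ssl_opts("https://example.com/", verify: :verify_none)
#   returns {:error, {:would_override_verification, [:verify]}}
```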

Thank you! This worked beautifully!