It’s my understanding that hackney injects certifi into ssl requests. Needing to include a custom ca necessitates setting ssl options on the hackney call, all the options or lose the other ssl settings hackney applies. First question, is there a way to configure hackney, via Application, to use a different default trust store globally to allow hackney to do all else ssl as usual?
Second part, does :ssl have a default trust store? Can it be configured? This is of interest for other ssl things like ldap.
Needing to include a custom ca necessitates setting ssl options on the hackney call, all the options or lose the other ssl settings hackney applies
In recent Hackney versions you can use :hackney_ssl.check_hostname_opts(hostname) to get all the default options that would be passed to :ssl.connect/3. You can then make any changes you want, and pass the result back into the :ssl option to one of Hackney’s request functions. In this case you could replace the :cacerts option (or prepend custom certificates) and leave all the other options as-is.
First question, is there a way to configure hackney, via Application, to use a different default trust store globally to allow hackney to do all else ssl as usual?
No
Second part, does :ssl have a default trust store? Can it be configured?
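An added example, not part of the thread and not hackney's own code: one way to apply the approach described in the reply above, taking the defaults from :hackney_ssl.check_hostname_opts/1 and prepending custom CA certificates to :cacerts. The module name, the PEM path argument and the get/2 helper are hypothetical, and the code assumes the defaults come back as a list of {key, value} tuples.

```elixir
defmodule CustomCA do
  # Added example; module name, helper names and the PEM path are hypothetical.

  # Decode every certificate in a PEM bundle into the DER binaries that
  # :ssl expects in its :cacerts option. Non-certificate entries are skipped.
  def load_cacerts(pem_path) do
    pem_path
    |> File.read!()
    |> :public_key.pem_decode()
    |> Enum.flat_map(fn
      {:Certificate, der, :not_encrypted} -> [der]
      _other -> []
    end)
  end

  # Start from hackney's default verification options for `host` and prepend
  # the custom CAs to whatever :cacerts list those defaults already carry.
  def ssl_options(host, pem_path) when is_binary(host) do
    defaults = :hackney_ssl.check_hostname_opts(String.to_charlist(host))

    default_cas =
      case List.keyfind(defaults, :cacerts, 0) do
        {:cacerts, cas} -> cas
        nil -> []
      end

    custom = load_cacerts(pem_path)

    # Fail loudly on an empty or malformed bundle instead of silently
    # connecting with the default trust store only.
    if custom == [] do
      raise ArgumentError, "no certificates found in #{pem_path}"
    end

    # Only :cacerts changes; verify, depth, verify_fun etc. stay as hackney set them.
    List.keystore(defaults, :cacerts, 0, {:cacerts, custom ++ default_cas})
  end

  def get(url, pem_path) do
    %URI{host: host} = URI.parse(url)
    # hackney's request option is :ssl_options; HTTPoison passes its :ssl
    # option through to it.
    :hackney.request(:get, url, [], "", ssl_options: ssl_options(host, pem_path))
  end
end
```

To trust only the private CA rather than extend the default bundle, store `{:cacerts, custom}` instead of `custom ++ default_cas`.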