I need to call HTTP API verifying SSL or not. However, I found both httpc and hackney behave strange - ssl option stay across different functions.
See this code:
bad_url1 = "https://expired.badssl.com/"
bad_url2 = "https://wrong.host.badssl.com/"
# Testing httpc
# httpc by default does not check ssl
{:ok, _} = :httpc.request(:get, {to_charlist(bad_url1), []}, [], [])
# verify ssl
{:error, _} =
:httpc.request(
:get,
{to_charlist(bad_url1), []},
[ssl: [verify: :verify_peer, cacertfile: :certifi.cacertfile()]],
[]
)
# no verify again
{:ok, _} = :httpc.request(:get, {to_charlist(bad_url1), []}, [ssl: [verify: :verify_none]], [])
# verify ssl... DOES NOT work!
{:ok._()} =
:httpc.request(
:get,
{to_charlist(bad_url1), []},
[ssl: [verify: :verify_peer, cacertfile: :certifi.cacertfile()]],
[]
)
# Testing hackney
Application.ensure_all_started(:hackney)
{:error, _} = :hackney.request(:get, bad_url1, [], [], [])
{:error, _} = :hackney.request(:get, bad_url2, [], [], [])
# => :error, as expected
{:ok, 200, _headers, ref} = :hackney.request(:get, bad_url1, [], [], [:insecure])
# before reading the body, other requests without insecure fail
{:error, _} = :hackney.request(:get, bad_url1, [], [], [])
# once the body is read..
{:ok, _body} = :hackney.body(ref)
# => :ok, as expected
{:ok, 200, _headers, ref} = :hackney.request(:get, bad_url1, [], [], [])
{:ok, _body} = :hackney.body(ref)
# WHAT? as insecure is missing, this should fail due to ssl error!
At first I thought hackney keeps some options in pool (I created https://github.com/benoitc/hackney/issues/570 ) - but apparently httpc has the same issue.
Anyone had this issue?