ssl - 如何向 HTTPoison/hackney 添加可信证书？

Question

当我尝试时:

HTTPoison.get! "https://facebook.com"

我得到:

** (HTTPoison.Error) {:tls_alert, 'unknown ca'}
[error] SSL: :certify: ssl_handshake.erl:1606:Fatal error: unknown ca

    (httpoison) lib/httpoison.ex:66: HTTPoison.request!/5

这是意料之中的，因为在我的公司，我需要信任防火墙的证书才能出去。

我在系统范围内信任证书(.cer 文件)，这就是为什么 wget 在访问 https URL 时没有给我 ssl 错误。但是 hackney/HTTPPoison 似乎忽略了这个配置。

如何让 HTTPoison/hackney 将证书识别为可信证书？

Answer 1

证书文件路径被传递给 HTTPPoison 选项，如下所示:

   defp add_certs do
          [                                                                                                                                        
            hackney: [ # :hackney options                                                                                                          
             ssl_options: [ # :ssl options                                                                                                         
               cacertfile: # CA certificate used to validate server cert; path(), "string" is ok                  
               certfile:  # client certificate, signed by CA; path(), "string" is ok                                 
               keyfile:  # private key for client.crt; path(). "string" is ok                                         
               password:  # password for keyfile; string(), "string" not ok, use 'char list'                                  
             ]                                                                                                                                     
           ]                                                                                                     
          ]
    end
    HTTPoison.post(url, request_xml, headers, add_certs)