Comments (9)
This was done in Gun 2.1. Closing, thanks!
from gun.
To be fair you always needed to configure TLS otherwise you wouldn't get a secure connection. That aside, the plan is to use the public_key:cacerts_get() by default in a future version. This function was what was missing for Gun to provide secure TLS connections by default.
About the timeout, this likely needs to be fixed to behave better. I believe if you increase the await_up timeout you should get the error propagated. It just propagates too late. Gun probably shouldn't retry if it gets an options incompatible error since retrying won't get it to succeed.
from gun.
As an Erlang beginner, this was very confusing, and I ended up losing a lot of time yesterday.
I was so lost, I decided to try httpc and hackney, which were working.
But I knew I would eventually need websocket support, so I went back to gun, and I saw this issue.
So thank you peffis.
As a beginner, it's far easier to think that you don't understand something and the mistake is on your part than thinking a bug is in a widely used lib with a good reputation and a fairly large community.
"To be fair you always needed to configure TLS otherwise you wouldn't get a secure connection."
But on the page "Connection", in the section "Opening a new connection", it is said:
"If the port given is 443, Gun will attempt to connect using TLS." with this example provided:
{ok, ConnPid} = gun:open("example.org", 443).
So if TLS always needed to be configured even in previous versions, the doc is still misleading.
from gun.
...ok, all good then. I used this in some old internal test and was confused that it stopped working when Erlang was upgraded. I was not aware that it did not verify the host before when opened without options, but that does not matter for my use case. Feel free to close this issue if you want then. Just wanted to document it somewhere if someone else stumbles upon this issue with old code and spends time on understanding why there is suddenly a timeout.
from gun.
I'll leave it open to make Gun stop early when configuration is wrong. Thank you!
from gun.
Yes the examples no longer work because OTP-26 broke them:
OTP-18455 Application(s): ssl
Related Id(s): GH-5899
*** POTENTIAL INCOMPATIBILITY ***
Change the client default verify option to verify_peer.
Note that this makes it mandatory to also supply
trusted CA certificates or explicitly set verify to
verify_none. This also applies when using the so called
anonymous test cipher suites defined in TLS versions
pre TLS-1.3.
Before, the connection would be established, but it couldn't be considered secure if you didn't provide additional configuration. Now the connection cannot be established.
As you can expect, this will be handled in a future Gun release, using the function I mentioned. Patches are of course welcome. There will likely be a Gun release soon, after Cowboy 2.11, before the HTTP/3 work gets merged into both Cowboy and Gun. That release would be a good fit for changing this behavior.
from gun.
public_key:cacerts_get() was added in OTP 25 so I suppose we need to use a feature check like erlang:function_exported/3. What default should we use for OTP < 25?
Should we add verify_none to the examples? Or can we add {cacerts, public_key:cacerts_get()} to the examples and write a note that they require OTP 25+?
from gun.
OTP < 25.0 can keep the current behavior and we can use cacerts_get by default when it is available. Note that on 25 adding the cacerts doesn't mean verification is enabled. Perhaps when cacerts_get is available we can enable verification explicitly (unless the user configured verify or cacerts already).
Examples shouldn't need to be updated. We can decide on what version we target for the next version later, and make version-specific notes then.
from gun.
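The default discussed in the two comments above, sketched in Erlang as an added example (not code from Gun or from anyone in this thread). The module gun_tls_defaults and its functions are hypothetical; treating cacertfile as a user override and adding the HTTPS hostname match fun are assumptions that go beyond what the comments state.

```erlang
-module(gun_tls_defaults).
-export([tls_opts/1, open/3]).

%% Merge verification defaults into the caller's TLS options.
%% If the caller already set verify or cacerts (or cacertfile, an
%% assumption added here), their configuration is left untouched.
tls_opts(UserOpts) ->
    Configured = lists:any(
        fun(Key) -> proplists:is_defined(Key, UserOpts) end,
        [verify, cacerts, cacertfile]),
    case Configured of
        true  -> UserOpts;
        false -> default_verify_opts() ++ UserOpts
    end.

default_verify_opts() ->
    %% erlang:function_exported/3 returns false for a module that has
    %% not been loaded yet, so load public_key before the feature check.
    _ = code:ensure_loaded(public_key),
    case erlang:function_exported(public_key, cacerts_get, 0) of
        true ->
            %% OTP 25+: on OTP 25 supplying cacerts alone does not turn
            %% verification on, so verify_peer is set explicitly.
            %% cacerts_get/0 raises if the OS trust store cannot be read.
            [{verify, verify_peer},
             {cacerts, public_key:cacerts_get()},
             %% Match wildcard certificates the way HTTPS clients do.
             {customize_hostname_check,
              [{match_fun,
                public_key:pkix_verify_hostname_match_fun(https)}]}];
        false ->
            %% OTP < 25: no OS trust store API, keep the current behavior.
            []
    end.

%% Open a TLS connection with the merged options (Gun 2.x option names).
open(Host, Port, UserTlsOpts) ->
    gun:open(Host, Port,
             #{transport => tls, tls_opts => tls_opts(UserTlsOpts)}).
```

Calling gun_tls_defaults:open("example.org", 443, []) on OTP 25 or later connects with peer verification against the OS trust store, while passing [{verify, verify_none}] keeps the caller's explicit choice.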
@essen thanks as always for the continual updates
from gun.