Support TLS opts for OTP >= 27 (#35)

* Add ssl_option specific code to support OTP > 27 * Use grisp_cryptoauth 2.3.0 to support OTP 27
grisp · Jun 27, 2024 · 4de211c · 4de211c
1 parent 41cacd5
commit 4de211c
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/rebar.config b/rebar.config
@@ -47,12 +47,12 @@
 {profiles, [
     {grisp, [
         {deps, [
-            {grisp_cryptoauth, "2.2.0"}
+            {grisp_cryptoauth, "2.3.0"}
         ]}
     ]},
     {prod, [
         {deps, [
-            {grisp_cryptoauth, "2.2.0"}
+            {grisp_cryptoauth, "2.3.0"}
         ]}
     ]},
     {test, [

diff --git a/src/grisp_connect_tls.erl b/src/grisp_connect_tls.erl
@@ -40,6 +40,31 @@ ssl_opts(_) ->
 
 -else.
 
+-if(?OTP_RELEASE >= 27).
+
+ssl_opts(ServerName) ->
+    case client_chain() of
+        {error, _Reason} = Error -> Error;
+        {ok, ClientChain} ->
+            {ok, [
+                {verify, verify_peer},
+                {depth, 99},
+                {cacerts, certifi:cacerts() ++ server_chain(ServerName)},
+                {customize_hostname_check, [
+                    {match_fun, public_key:pkix_verify_hostname_match_fun(https)}
+                ]},
+                {certs_keys, [#{
+                    cert => ClientChain,
+                    key => #{
+                        algorithm => ecdsa,
+                        sign_fun => fun grisp_cryptoauth:sign_fun/3
+                    }
+                }]}
+            ]}
+    end.
+
+-else. % ?OTP_RELEASE < 27
+
 ssl_opts(ServerName) ->
     case client_chain() of
         {error, _Reason} = Error -> Error;
@@ -61,6 +86,8 @@ ssl_opts(ServerName) ->
 
 -endif.
 
+-endif.
+
 client_chain() ->
     ClientCert = grisp_cryptoauth:read_cert(primary, der),
     {ok, IssuerId} = public_key:pkix_issuer_id(ClientCert, self),