Use http-client-openssl instead of http-client-tls #137
Conversation
Using http-client-openssl that also handle the SSL_CERT_FILE environment variable refs channable#99
| { osslSettingsVerifyMode = | ||
| if not $ getOptionsValue oValidateCerts opts | ||
| then VerifyNone | ||
| else VerifyPeer |
There was a problem hiding this comment.
Could you use record syntax here to make it more clear what these settings do?
package.yaml
Outdated
| @@ -28,7 +30,7 @@ dependencies: | |||
| - utf8-string | |||
| - optparse-applicative | |||
|
|
|||
| ghc-options: -Wall -Werror | |||
| ghc-options: -threaded -rtsopts -Wall -Werror | |||
There was a problem hiding this comment.
Could you explain why these extra options are necessary?
There was a problem hiding this comment.
I am not an expert in this openssl library but without the -threaded option we face
ConnectionFailure user error (RTS doesn't support multiple OS threads (use ghc -threaded when linking)) at run time when trying to connect to vault. So it seems that openssl requires a threaded runtime.
-rtsopts enable all RTS options processing and can be configured at runtime through command line or environment variable. It enables users to configure the number of threads, the heap size, ... We could remove it until we know that we really need it as it might have security implications.
Using http-client-openssl that also handle the SSL_CERT_FILE environment variable
refs #99