Skip to content

retry mix httpc with disabled middlebox_comp_mode #14357

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Mar 24, 2025
Merged

retry mix httpc with disabled middlebox_comp_mode #14357

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b0a0009
disable middlebox_comp_mode in mix httpc
ruslandoga Mar 24, 2025
ef582cb
disable middlebox_comp_mode on failed connect
ruslandoga Mar 24, 2025
1ad7872
Update lib/mix/lib/mix/utils.ex
josevalim Mar 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 7 additions & 12 deletions lib/mix/lib/mix/utils.ex
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -738,21 +738,11 @@ defmodule Mix.Utils do
file -> {:cacertfile, file}
end

# disable middlebox compatibility mode by default
# but allow it to be enabled via an environment variable
# see https://github.com/elixir-lang/elixir/issues/14356
middlebox_comp_mode =
case System.get_env("HEX_MIDDLEBOX_COMP_MODE") do
t when t in ["true", "t", "yes", "y", "1"] -> true
_ -> false
end

# Use the system certificates and set the middlebox compatibility mode
# Use the system certificates
ssl_options = [
cacert_opt,
verify: :verify_peer,
customize_hostname_check: [match_fun: :public_key.pkix_verify_hostname_match_fun(:https)],
middlebox_comp_mode: middlebox_comp_mode
customize_hostname_check: [match_fun: :public_key.pkix_verify_hostname_match_fun(:https)]
]

# We are using relaxed: true because some servers is returning a Location
Expand All @@ -775,6 +765,11 @@ defmodule Mix.Utils do
:httpc.set_options([ipfamily: fallback(inet)], :mix)
request |> httpc_request(http_options) |> httpc_response()

{:error, {:failed_connect, [{:to_address, _}, {inet, _, {:tls_alert, _}}]}}
when inet in [:inet, :inet6] ->
Copy link
Contributor Author

@ruslandoga ruslandoga Mar 24, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe less strict

{:error, {:failed_connect, [{:to_address, _}, {inet, _, reason}]}}
  when inet in [:inet, :inet6] and elem(reason, 0) == :tls_alert ->

or more strict

{:error, {:failed_connect, [{:to_address, _}, {inet, _, {:tls_alert, {:unexpected_message, _}}}]}}
  when inet in [:inet, :inet6] ->

matching?

Right now this error seems to always be {:tls_alert, _} but I couldn't find a record for it to future-proof it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think less strict is good as it is plausible to add more elements to the tuple.

http_options = put_in(http_options, [:ssl, :middlebox_comp_mode], false)
request |> httpc_request(http_options) |> httpc_response()

response ->
httpc_response(response)
end
Expand Down
Loading