Correctly add customize_hostname_check to ssl options

lukebakken · michaelklishin · commit d239bbc537d9 · 2025-12-23T16:34:49.000-08:00
Follow-up to #11344 Prior to this fix, the `customize_hostname_check` option was incorrectly added to the general options passed to `httpc:request`, which results in the following error when the request is made: ``` [debug] <0.1.0> Enabling wildcard-aware hostname verification for HTTP client connections [notice] <0.1.0> Invalid option {customize_hostname_check, [notice] <0.1.0> [{match_fun,#Fun<public_key.6.112534691>}]} ignored [notice] <0.1.0> ``` With this fix, you can see that `customize_hostname_check` is added to the `ssl` section of the options: ``` 1> redbug:start("rabbit_auth_backend_http:ssl_options->return"). ... ... ... % rabbit_auth_backend_http:ssl_options/0 -> [{ssl, [{customize_hostname_check, [{match_fun, #Fun<public_key.6.112534691>}]}, {versions, ['tlsv1.3','tlsv1.2', 'tlsv1.1',tlsv1]}, {hibernate_after,6000}, {keyfile, "key.pem"}, {depth,10}, {crl_check,false}, {certfile, "certificate.pem"}, {cacertfile, "ca_certificate.pem"}, {fail_if_no_peer_cert,false}, {verify,verify_peer}]}] ``` (cherry picked from commit 4360e05)
diff --git a/deps/rabbitmq_auth_backend_http/src/rabbit_auth_backend_http.erl b/deps/rabbitmq_auth_backend_http/src/rabbit_auth_backend_http.erl
@@ -25,6 +25,8 @@
 
 -define(SUCCESSFUL_RESPONSE_CODES, [200, 201]).
 
+-define(APP, rabbitmq_auth_backend_http).
+
 %%--------------------------------------------------------------------
 
 description() ->
@@ -177,7 +179,7 @@ do_http_req(Path0, Query) ->
     {host, Host} = lists:keyfind(host, 1, URI),
     {port, Port} = lists:keyfind(port, 1, URI),
     HostHdr = rabbit_misc:format("~ts:~b", [Host, Port]),
-    {ok, Method} = application:get_env(rabbitmq_auth_backend_http, http_method),
+    {ok, Method} = application:get_env(?APP, http_method),
     Request = case rabbit_data_coercion:to_atom(Method) of
         get  ->
             Path = Path0 ++ "?" ++ Query,
@@ -188,12 +190,12 @@ do_http_req(Path0, Query) ->
             {Path0, [{"Host", HostHdr}], "application/x-www-form-urlencoded", Query}
     end,
     RequestTimeout =
-        case application:get_env(rabbitmq_auth_backend_http, request_timeout) of
+        case application:get_env(?APP, request_timeout) of
             {ok, Val1} -> Val1;
             _ -> infinity
         end,
     ConnectionTimeout =
-        case application:get_env(rabbitmq_auth_backend_http, connection_timeout) of
+        case application:get_env(?APP, connection_timeout) of
             {ok, Val2} -> Val2;
             _ -> RequestTimeout
         end,
@@ -212,17 +214,10 @@ do_http_req(Path0, Query) ->
     end.
 
 ssl_options() ->
-<<<<<<< HEAD
-    case application:get_env(rabbitmq_auth_backend_http, ssl_options) of
-        {ok, Opts0} when is_list(Opts0) ->
-            Opts1 = [{ssl, rabbit_ssl_options:fix_client(Opts0)}],
-            case application:get_env(rabbitmq_auth_backend_http, ssl_hostname_verification) of
-=======
     case application:get_env(?APP, ssl_options) of
         {ok, SslOpts0} when is_list(SslOpts0) ->
             SslOpts1 = rabbit_ssl_options:fix_client(SslOpts0),
             case application:get_env(?APP, ssl_hostname_verification) of
->>>>>>> 4360e05df (Correctly add `customize_hostname_check` to `ssl` options)
                 {ok, wildcard} ->
                     ?LOG_DEBUG("Enabling wildcard-aware hostname verification for HTTP client connections"),
                     %% Needed for HTTPS connections that connect to servers that use wildcard certificates.
@@ -236,7 +231,7 @@ ssl_options() ->
     end.
 
 p(PathName) ->
-    {ok, Path} = application:get_env(rabbitmq_auth_backend_http, PathName),
+    {ok, Path} = application:get_env(?APP, PathName),
     Path.
 
 q(Args) ->
