From d812c8bbc7ed5605650e7baca3397617a86fc154 Mon Sep 17 00:00:00 2001
From: Alex S <alex.strizhakov@gmail.com>
Date: Thu, 22 Aug 2019 12:38:39 +0300
Subject: [PATCH] opts to verify certificates by gun

---
 lib/pleroma/http/connection.ex | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lib/pleroma/http/connection.ex b/lib/pleroma/http/connection.ex
index ef2ee918d..fbf135bf9 100644
--- a/lib/pleroma/http/connection.ex
+++ b/lib/pleroma/http/connection.ex
@@ -59,9 +59,20 @@ defmodule Pleroma.HTTP.Connection do
       conn ->
         %{host: host, port: port} = URI.parse(url)
 
+        # verify sertificates opts for gun
+        tls_opts = [
+          verify: :verify_peer,
+          cacerts: :certifi.cacerts(),
+          depth: 20,
+          server_name_indication: to_charlist(host),
+          reuse_sessions: false,
+          verify_fun: {&:ssl_verify_hostname.verify_fun/3, [check_hostname: to_charlist(host)]}
+        ]
+
         Keyword.put(options, :conn, conn)
         |> Keyword.put(:close_conn, false)
         |> Keyword.put(:original, "#{host}:#{port}")
+        |> Keyword.put(:tls_opts, tls_opts)
     end
   end
 end