chore: update ssl config (#161)

kitsteam · Nov 15, 2024 · bec8cd5 · bec8cd5
1 parent d43a06a
commit bec8cd5
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 13 deletions.
diff --git a/config/runtime.exs b/config/runtime.exs
@@ -54,25 +54,20 @@ if config_env() == :prod do
 
   maybe_ipv6 = if System.get_env("ECTO_IPV6"), do: [:inet6], else: []
 
+  ssl_config =
+    if System.get_env("DATABASE_SSL", "true") == "true",
+      do: [cacerts: :public_key.cacerts_get()],
+      else: nil
+
   config :wordcharts, Wordcharts.Repo,
     database: System.get_env("DATABASE_NAME"),
     hostname: System.get_env("DATABASE_HOST"),
     password: System.get_env("DATABASE_USER_PASSWORD"),
     username: System.get_env("DATABASE_USER"),
     pool_size: String.to_integer(System.get_env("POOL_SIZE", "10")),
     port: String.to_integer(System.get_env("DATABASE_PORT", "5432")),
-    ssl: System.get_env("DATABASE_SSL", "true") == "true",
-    socket_options: maybe_ipv6,
-    ssl_opts: [
-      verify: :verify_peer,
-      cacerts: :public_key.cacerts_get(),
-      versions: [:"tlsv1.3"],
-      depth: 3,
-      server_name_indication: String.to_charlist(System.get_env("DATABASE_HOST")),
-      customize_hostname_check: [
-        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
-      ]
-    ]
+    ssl: ssl_config,
+    socket_options: maybe_ipv6
 
   # The secret key base is used to sign/encrypt cookies and other secrets.
   # A default value is used in config/dev.exs and config/test.exs but you

diff --git a/mix.exs b/mix.exs
@@ -4,7 +4,7 @@ defmodule Wordcharts.MixProject do
   def project do
     [
       app: :wordcharts,
-      version: "0.1.9",
+      version: "0.1.10",
       elixir: "~> 1.12",
       elixirc_paths: elixirc_paths(Mix.env()),
       start_permanent: Mix.env() == :prod,