chore: ssl_opts are deprecated, use ssl instead

b310-digital · Nov 15, 2024 · 2554537 · 2554537
1 parent 6ce94f8
commit 2554537
Showing 1 changed file with 6 additions and 13 deletions.
diff --git a/config/runtime.exs b/config/runtime.exs
@@ -48,17 +48,6 @@ if config_env() != :test do
   # disable on prod, because logger_json will take care of this. set to :debug for test and dev
   ecto_log_level = if config_env() == :prod, do: false, else: :debug
 
-  # default ssl_opts:
-  ssl_opts = [
-    verify: :verify_peer,
-    depth: 3,
-    versions: [:"tlsv1.3"],
-    server_name_indication: String.to_charlist(System.get_env("DATABASE_HOST")),
-    customize_hostname_check: [
-      match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
-    ]
-  ]
-
   # either use system certificates or specify files:
   ssl_opts =
     if System.get_env("DATABASE_CERT_FILE") do
@@ -69,6 +58,11 @@ if config_env() != :test do
       ssl_opts ++ [cacerts: :public_key.cacerts_get()]
     end
 
+  ssl_config =
+    if System.get_env("DATABASE_SSL", "true") == "true",
+      do: ssl_opts,
+      else: nil
+
   config :mindwendel, Mindwendel.Repo,
     database: System.get_env("DATABASE_NAME"),
     hostname: System.get_env("DATABASE_HOST"),
@@ -79,8 +73,7 @@ if config_env() != :test do
     url: System.get_env("DATABASE_URL"),
     timeout: String.to_integer(System.get_env("DATABASE_TIMEOUT", "15000")),
     log: ecto_log_level,
-    ssl: System.get_env("DATABASE_SSL", "true") == "true",
-    ssl_opts: ssl_opts
+    ssl: ssl_config
 
   secret_key_base =
     System.get_env("SECRET_KEY_BASE") ||