Certificates with wildcards are not handled correctly about gun HOT 10 OPEN

Did you ever find a solution to this? I'm having a similar problem

from gun.

Yes, the fix has not been incorporated but you can use my fork if you like or pester the maintainer to include the fix :-). The diff is very small. https://github.com/jbevemyr/gun
There are two commits in my fork that solves the problem.

jbevemyr@fdd196c
jbevemyr@6d0ee4f

from gun.

You do not need to modify Gun to do this, you can just provide the transport options when you open the connection.

Edit: I will go over the PRs once I am done with my current work, shouldn't take more than a few more weeks now.

from gun.

@essen That sounds great, can you give me a hint on how to do that?

from gun.

Something like this

CustomFun = public_key:pkix_verify_hostname_match_fun(https),
TransOpts = [{customize_hostname_check, [{match_fun, CustomFun}]}],
ConnectionOpts = #{transport => tls, tls_opts => TransOpts},
gun:open(Host, Port, ConnectionOpts)

If you are using Erlang.

from gun.

Does anything need to be done in Gun with regard to this? Can we close this?

from gun.

I think the gun should be changed to use the public_key:pkix_verify_hostname_match_fun(https) fun to check hostnames since that is the expected behaviour when using https.

from gun.

Can that be set without setting any other TLS option? Considering Gun currently does not verify certificates by default and I don't think this will change in 2.0.

from gun.

Right, that is true. Don't know if it can be set separately.

from gun.

OK. Considering the limited time I have I will leave this ticket open and see this after 2.0. I think it would be a good idea for Gun to optionally be fully configured for TLS, perhaps using the same library Hackney has, but it needs work. Let's keep this ticket open for visibility.

from gun.