View Source Cldr.Http (cldr_utils v2.17.2)

Supports securely downloading https content.

Link to this section Summary

Functions

Securely download https content from a URL.

Link to this section Functions

Specs

get(String.t()) :: {:ok, binary()} | {:error, any()}

Securely download https content from a URL.

This function uses the built-in :httpc client but enables certificate verification which is not enabled by :httc by default.

See also https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl

Arguments

  • url is a binary URL

Returns

  • {:ok, body} if the return is successful

  • {:error, error} if the download is unsuccessful. An error will also be logged in these cases.

Certificate stores

In order to keep dependencies to a minimum, get/1 attempts to locate an already installed certificate store. It will try to locate a store in the following order which is intended to satisfy most host systems. The certificate store is expected to be a path name on the host system.

# A certificate store configured by the
# developer
Application.get_env(:ex_cldr, :cacertfile)

# Populated if hex package `CAStore` is configured
CAStore.file_path()

# Populated if hex package `certfi` is configured
:certifi.cacertfile()

# Debian/Ubuntu/Gentoo etc.
"/etc/ssl/certs/ca-certificates.crt",

# Fedora/RHEL 6
"/etc/pki/tls/certs/ca-bundle.crt",

# OpenSUSE
"/etc/ssl/ca-bundle.pem",

# OpenELEC
"/etc/pki/tls/cacert.pem",

# CentOS/RHEL 7
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",

# Open SSL on MacOS
"/usr/local/etc/openssl/cert.pem",

# MacOS & Alpine Linux
"/etc/ssl/cert.pem"