View Source Cldr.Http (cldr_utils v2.18.0)
Supports securely downloading https content.
Link to this section Summary
Functions
Securely download https content from a URL.
Link to this section Functions
Specs
Securely download https content from a URL.
This function uses the built-in :httpc
client but enables certificate verification
which is not enabled by :httc
by default.
See also https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl
Arguments
url
is a binary URL
Returns
{:ok, body}
if the return is successful{:error, error}
if the download is unsuccessful. An error will also be logged in these cases.
Certificate stores
In order to keep dependencies to a minimum,
get/1
attempts to locate an already installed
certificate store. It will try to locate a
store in the following order which is intended
to satisfy most host systems. The certificate
store is expected to be a path name on the
host system.
# A certificate store configured by the
# developer
Application.get_env(:ex_cldr, :cacertfile)
# Populated if hex package `CAStore` is configured
CAStore.file_path()
# Populated if hex package `certfi` is configured
:certifi.cacertfile()
# Debian/Ubuntu/Gentoo etc.
"/etc/ssl/certs/ca-certificates.crt",
# Fedora/RHEL 6
"/etc/pki/tls/certs/ca-bundle.crt",
# OpenSUSE
"/etc/ssl/ca-bundle.pem",
# OpenELEC
"/etc/pki/tls/cacert.pem",
# CentOS/RHEL 7
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",
# Open SSL on MacOS
"/usr/local/etc/openssl/cert.pem",
# MacOS & Alpine Linux
"/etc/ssl/cert.pem"