Merge pull request #26 from zdaniel86/otp-26-migration

make default cacerts connection options

rebar.config

@@ -1,4 +1,7 @@
-{erl_opts, [debug_info]}.
+{erl_opts, [
+    debug_info,
+    {platform_define, "^2[5-9]", cacerts}
+]}.
 {cover_enabled, true}.
 {eunit_opts, [verbose, {report,{eunit_surefire,[{dir,"."}]}}]}.
 {cover_enabled, true}.

src/lhttpc_client.erl

@@ -164,10 +164,11 @@ execute(From, Host, Port, Ssl, Path, Method, Hdrs0, Body, Options) ->
         true ->
             DefSslOptions = application:get_env(lhttpc, ssl_options, []),
             UserSslOptions = proplists:get_value(ssl_options, Options, []),
-            EffectiveSslOpts = lists:ukeymerge(1,
+            EffectiveSslOpts0 = lists:ukeymerge(1,
                 lists:ukeysort(1, UserSslOptions),
                 lists:ukeysort(1, DefSslOptions)
             ),
+            EffectiveSslOpts = add_cacerts(EffectiveSslOpts0),
             EffectiveTcpOptions ++ EffectiveSslOpts;
         false ->
             EffectiveTcpOptions
@@ -972,3 +973,24 @@ fix_inet_options(Options) ->
                 end;
             (Option) -> {true, Option}
         end, Options).
+
+-ifdef(cacerts).
+add_cacerts(ConnOpts) ->
+    case proplists:get_value(cacerts, ConnOpts) of
+        undefined ->
+            case proplists:get_value(verify, ConnOpts) of
+                verify_none ->
+                    %% don't retrieve system certificates if verify option
+                    %% is explicitly set to verify_none.
+                    ConnOpts;
+                _ ->
+                    %% Calling the `public_key:cacerts_get()` can be avoided
+                    %% if either {cacerts, ...} or {verify, verify_none} are
+                    %% configured
+                    [{cacerts, public_key:cacerts_get()} | ConnOpts]
+            end;
+        _ -> ConnOpts
+    end.
+-else.
+add_cacerts(ConnOpts) -> ConnOpts.
+-endif.