authorLinus Nordberg <linus@nordu.net>2017-01-23 15:44:55 +0100
committerLinus Nordberg <linus@nordu.net>2017-01-23 15:44:55 +0100
commit7b114604595b2e3bb0816ffb01548b02c43cdea5 (patch)
tree881d8fba74ed5197c51394845e65ef79f8838ae4 /src/plop_httputil.erl
parent2fa46317bdd4da077d932c58a150cecf08248be2 (diff)
parent784f116ba3fad8e28ef2fefd86d5df71801dbe6f (diff)
Merge remote-tracking branch 'refs/remotes/map/config-api-key'
Diffstat (limited to 'src/plop_httputil.erl')
-rw-r--r--src/plop_httputil.erl12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/plop_httputil.erl b/src/plop_httputil.erl
index 37e25c1..af4a5d1 100644
--- a/src/plop_httputil.erl
+++ b/src/plop_httputil.erl
@@ -59,15 +59,25 @@ verify_fun(Cert, valid_peer, UserState) ->
{valid, UserState}
end.
+read_and_verify_cacertfile(Filename) ->
+ {ok, PemBin} = file:read_file(Filename),
+ [KeyPem] = public_key:pem_decode(PemBin),
+ {'Certificate', Der, _} = KeyPem,
+ CalculatedHash = crypto:hash(sha256, Der),
+ CorrectHash = application:get_env(catlfish, https_cacert_fingerprint, none),
+ CorrectHash = CalculatedHash,
+ Der.
+
request(DebugTag, URL, Headers, RequestBody) ->
Starttime = os:timestamp(),
ParsedURL = hackney_url:parse_url(URL),
CACertFile = application:get_env(catlfish, https_cacertfile, none),
+ CACert = read_and_verify_cacertfile(CACertFile),
#hackney_url{path = Path, host = Host} = ParsedURL,
lager:debug("~s: sending http request to ~p",
[DebugTag, URL]),
case hackney:connect(ParsedURL,
- [{ssl_options, [{cacertfile, CACertFile},
+ [{ssl_options, [{cacerts, [CACert]},
{verify, verify_peer},
{verify_fun, {fun verify_fun/3,
[{check_hostname, Host}]}}
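Review bot: In `read_and_verify_cacertfile/1` a pin failure is only visible as a `badmatch` on `CorrectHash = CalculatedHash`. A wrong certificate, an unset `https_cacert_fingerprint` (default `none`) and a fingerprint configured in the wrong format all crash the same way, with no log line naming the file. Failing closed is the right behaviour, but I would make the check explicit with a `case` that logs and raises a tagged error, as below. The comparison is against the raw `crypto:hash(sha256, Der)` output, so the function also deserves a comment saying the configured value must be the 32-byte digest binary, not a hex string. `request/4` continues past the end of the hunk.

```erlang
read_and_verify_cacertfile(Filename) ->
    %% … unchanged: read the file, decode the single PEM entry, hash Der …
    case application:get_env(catlfish, https_cacert_fingerprint, none) of
        CalculatedHash ->
            Der;
        _Other ->
            lager:error("CA certificate ~p does not match https_cacert_fingerprint",
                        [Filename]),
            error({cacert_fingerprint_mismatch, Filename})
    end.
```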