From 8b5f1609faffcf1166ca54c08df4ca9216c51993 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= <essen@ninenines.eu>
Date: Thu, 14 Mar 2024 15:41:30 +0100
Subject: Use public_key:cacerts_get/0 when possible

Also "fix" many TLS test failures due to yet more changes
in the default options for TLS.

Also small changes to make Dialyzer happy.
---
 test/gun_SUITE.erl | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'test/gun_SUITE.erl')

diff --git a/test/gun_SUITE.erl b/test/gun_SUITE.erl
index 656158e..8b90774 100644
--- a/test/gun_SUITE.erl
+++ b/test/gun_SUITE.erl
@@ -462,13 +462,15 @@ server_name_indication_custom(_) ->
 	do_server_name_indication("localhost", net_adm:localhost(), #{
 		tls_opts => [
 			{verify, verify_none}, {versions, ['tlsv1.2']},
+			{fail_if_no_peer_cert, false},
 			{server_name_indication, net_adm:localhost()}]
 	}).
 
 server_name_indication_default(_) ->
 	doc("Ensure a default server_name_indication is accepted."),
 	do_server_name_indication(net_adm:localhost(), net_adm:localhost(), #{
-		tls_opts => [{verify, verify_none}, {versions, ['tlsv1.2']}]
+		tls_opts => [{verify, verify_none}, {versions, ['tlsv1.2']},
+			{fail_if_no_peer_cert, false}]
 	}).
 
 do_server_name_indication(Host, Expected, GunOpts) ->
@@ -630,7 +632,8 @@ tls_handshake_error_gun_http2_init_retry_0(_) ->
 		}},
 		protocols => [http2],
 		retry => 0,
-		transport => tls
+		transport => tls,
+		tls_opts => [{verify, verify_none}]
 	}),
 	{error, {down, {shutdown, closed}}} = gun:await_up(ConnPid),
 	gun:close(ConnPid).
@@ -665,7 +668,8 @@ tls_handshake_error_gun_http2_init_retry_1(_) ->
 		}},
 		protocols => [http2],
 		retry => 1,
-		transport => tls
+		transport => tls,
+		tls_opts => [{verify, verify_none}]
 	}),
 	{error, {down, {shutdown, closed}}} = gun:await_up(ConnPid),
 	gun:close(ConnPid).
-- 
cgit v1.2.3