elixir-ecto/postgrex

SSL Config - no longer accepts functions?

jamesvl opened this issue · 2 comments

I'm getting the following error when building a release via mix release:

(Mix) Could not read configuration file. It has invalid configuration terms such as functions, references, and pids. Please make sure your configuration is made of numbers, atoms, strings, maps, tuples and lists. The following entries are wrong:

... customize_hostname_check: [match_fun: #Function<6.108018300/2 in :public_key.pkix_verify_hostname_match_fun/1>],

My Repo config is set up like

config :portals, MyApp.Repo,
  username: "myuser",
  database: "mydb",
  hostname: "something.rds.amazonaws.com",
  port: 5432,
  ssl: true,
  ssl_opts: [
    verify: :verify_peer,
    cacertfile: "priv/cert/aws-bundle.pem",
    # Erlang option - needs to be a charlist, not a binary
    server_name_indication: 'something.rds.amazonaws.com',
    customize_hostname_check: [match_fun: :public_key.pkix_verify_hostname_match_fun(:https)],
    depth: 3
  ]

I took this directly from the Postgrex SSL docs; am I missing something with my config, or did mix change behaviors and passing a function is no longer permitted?

Passing a function there was never permitted via config but I believe Ecto supervisors support an init callback and you can return those specific ssl_opts from the init callback.

Something like this:

config :portals, MyApp.Repo,
  aws_ssl: true

and then in your Ecto.Repo:

def init(_type, config) do
  config =
    if config[:aws_ssl] do
      Keyword.put(config, :ssl_opts, ...)
    else
      config
    end

  {:ok, config}
end

And if this works, please do send a pull request to update the docs?

Thank you - I'll investigate and submit a PR for the docs for this.