Merge pull request #2 from WTTJ/feat/add-basic-ssl-options

feat: add basic SSL options
WTTJ · Sep 11, 2023 · 568ce8e · 568ce8e
2 parents c5ad31d + 3e77cd7
commit 568ce8e
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -4,7 +4,9 @@
 
 They can be used with modules relying on ssl options like `:ssl` or `:hackney`.
 
-Current version provides a configuration based on [EEF Security WG recommandations](https://github.com/erlef/security-wg/blob/master/docs/secure_coding_and_deployment_hardening/ssl.md).
+Current version provides:
+- a basic configuration: `ExSslOptions.basic_options()`
+- a configuration based on [EEF Security WG recommandations](https://github.com/erlef/security-wg/blob/master/docs/secure_coding_and_deployment_hardening/ssl.md): `ExSslOptions.eef_options()`
 
 ## Installation
 

diff --git a/lib/ex_ssl_options.ex b/lib/ex_ssl_options.ex
@@ -3,6 +3,20 @@ defmodule ExSslOptions do
   This module returns SSL options
   """
 
+  @doc """
+  Very simple SSL configuration
+  """
+  def basic_options() do
+    [
+      verify: :verify_peer,
+      depth: 5,
+      cacerts: :certifi.cacerts(),
+      customize_hostname_check: [
+        {:match_fun, :public_key.pkix_verify_hostname_match_fun(:https)}
+      ]
+    ]
+  end
+
   @doc """
   SSL options according to [EEF Security WG recommandations](https://github.com/erlef/security-wg/blob/master/docs/secure_coding_and_deployment_hardening/ssl.md).
   """

diff --git a/test/ex_ssl_options_test.exs b/test/ex_ssl_options_test.exs
@@ -9,4 +9,10 @@ defmodule ExSslOptionsTest do
     assert is_list(options)
     assert Keyword.keys(options) == @allowed_keys
   end
+
+  test "should return basic SSL options" do
+    options = ExSslOptions.basic_options()
+    assert is_list(options)
+    assert Keyword.keys(options) -- @allowed_keys == []
+  end
 end