masque_tls (masque v0.7.0)

Safe TLS client options for MASQUE's HTTP/1.1 rung.

Centralises the TLS options every h1 client session sends to ssl:connect/4. Defaults match the posture erlang_h1 uses on its own TLS client: verify the peer, trust the system CA store, check the hostname against the certificate, and advertise http/1.1 in ALPN. IPv6 literals are not valid SNI values (RFC 6066 section 3), so SNI is omitted when the proxy host is an IP literal.

Caller overrides win: anything on ssl_opts in the session opts is merged on top of the defaults, and the top-level verify opt shorthand is honoured for parity with the h2/h3 sessions.

Summary

Functions

Build a merged list of ssl:tls_client_option() suitable for ssl:connect/4 when dialing a MASQUE proxy on HTTP/1.1. Accepts the proxy host (as used on the wire) and the session-level opts map. The following opts keys are consumed

Types

proxy_host/0

-type proxy_host() :: binary() | string().

Functions

client_opts(Host, Opts)

-spec client_opts(proxy_host(), map()) -> [ssl:tls_client_option()].

Build a merged list of ssl:tls_client_option() suitable for ssl:connect/4 when dialing a MASQUE proxy on HTTP/1.1. Accepts the proxy host (as used on the wire) and the session-level opts map. The following opts keys are consumed:

verify : verify_peer | verify_none (default verify_peer)

ssl_opts : list of extra ssl:tls_client_option() merged last

Everything else in the opts map is ignored. Returns a plain list ready to pass through to ssl:connect/4.
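
One way to build the merge described above on OTP's ssl and public_key applications, added here as an illustration and not taken from masque's source. The module name tls_opts_sketch and its helpers are hypothetical; public_key:cacerts_get/0 assumes OTP 25 or later, and unwrapping a bracketed IPv6 host is an assumption about the input form.

```erlang
%% Added sketch: not masque's source. Module and helper names are hypothetical.
-module(tls_opts_sketch).
-export([client_opts/2]).

-spec client_opts(binary() | string(), map()) -> [ssl:tls_client_option()].
client_opts(Host, Opts) ->
    HostStr = to_list(Host),
    Defaults =
        [{verify, maps:get(verify, Opts, verify_peer)},  % top-level shorthand
         {cacerts, public_key:cacerts_get()},            % system CA store (OTP 25+)
         {customize_hostname_check,
          [{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]},
         {alpn_advertised_protocols, [<<"http/1.1">>]}
         | sni(HostStr)],
    merge(Defaults, maps:get(ssl_opts, Opts, [])).

%% No server_name_indication entry is added for IP literals.
%% Assumption: a bracketed IPv6 host ("[2001:db8::1]") is unwrapped first.
sni(HostStr) ->
    case inet:parse_address(strip_brackets(HostStr)) of
        {ok, _Ip}  -> [];
        {error, _} -> [{server_name_indication, HostStr}]
    end.

%% Caller options are applied last: a tuple replaces the default with the
%% same key, anything else is appended.
merge(Defaults, Overrides) ->
    lists:foldl(fun({Key, _} = Opt, Acc) -> lists:keystore(Key, 1, Acc, Opt);
                   (Opt, Acc)            -> Acc ++ [Opt]
                end, Defaults, Overrides).

strip_brackets("[" ++ Rest) -> string:trim(Rest, trailing, "]");
strip_brackets(HostStr)     -> HostStr.

to_list(Host) when is_binary(Host) -> binary_to_list(Host);
to_list(Host) when is_list(Host)   -> Host.
```

Because ssl_opts is merged last, an entry such as {verify, verify_none} there replaces the verify_peer default, so session opts are worth auditing wherever peer verification is required.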