From 767e1272b30342b4d2c44f023fb386256f38c0c6 Mon Sep 17 00:00:00 2001
From: XxXCertifiedForkliftDriverXxX
Date: Mon, 26 Jun 2023 13:50:49 +0000
Subject: [PATCH] Use OS CA store for Mint HTTP connections
---
 lib/pleroma/application.ex | 3 +++
 lib/pleroma/http/adapter_helper.ex | 21 +++++++++++++++++++++
 mix.exs | 3 ++-
 3 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex
index 0273972be..67444ccd8 100644
--- a/lib/pleroma/application.ex
+++ b/lib/pleroma/application.ex
@@ -262,11 +262,14 @@ defp http_children do
 proxy = Pleroma.HTTP.AdapterHelper.format_proxy(proxy_url)
 pool_size = Config.get([:http, :pool_size])
+ :public_key.cacerts_load()
+
 config =
 [:http, :adapter]
 |> Config.get([])
 |> Pleroma.HTTP.AdapterHelper.add_pool_size(pool_size)
 |> Pleroma.HTTP.AdapterHelper.maybe_add_proxy_pool(proxy)
+ |> Pleroma.HTTP.AdapterHelper.maybe_add_cacerts(:public_key.cacerts_get())
 |> Keyword.put(:name, MyFinch)
 [{Finch, config}]
diff --git a/lib/pleroma/http/adapter_helper.ex b/lib/pleroma/http/adapter_helper.ex
index e5da3ffa8..5bfb09f0f 100644
--- a/lib/pleroma/http/adapter_helper.ex
+++ b/lib/pleroma/http/adapter_helper.ex
@@ -47,6 +47,17 @@ def maybe_add_proxy_pool(opts, proxy) do
 |> put_in([:pools, :default, :conn_opts, :proxy], proxy)
 end
+ def maybe_add_cacerts(opts, nil), do: opts
+
+ def maybe_add_cacerts(opts, cacerts) do
+ opts
+ |> maybe_add_pools()
+ |> maybe_add_default_pool()
+ |> maybe_add_conn_opts()
+ |> maybe_add_transport_opts()
+ |> put_in([:pools, :default, :conn_opts, :transport_opts, :cacerts], cacerts)
+ end
+
 def add_pool_size(opts, pool_size) do
 opts
 |> maybe_add_pools()
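Review bot: In `http_children` (lib/pleroma/application.ex) the result of `:public_key.cacerts_load()` is discarded, so a host with no discoverable CA bundle is not reported at the point of failure. As far as I know `:public_key.cacerts_get/0` raises rather than returning `nil` when nothing could be loaded, so the `maybe_add_cacerts(opts, nil)` clause would not be reached from this call and Finch startup would fail with an opaque error. Failing closed is the right outcome for TLS verification, but make it explicit, e.g. `:ok = :public_key.cacerts_load()` or a `case` that logs the `{:error, reason}` before stopping. Both functions need OTP 25 or newer, and the store is read once at boot, so a CA removed from the OS store stays trusted until restart; a comment saying so would help operators. The body of `http_children` starts outside the hunk.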
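Review bot: `maybe_add_cacerts/2` in lib/pleroma/http/adapter_helper.ex always writes `:cacerts` into the default pool's `:transport_opts`, which replaces any trust anchors an operator set there through the `[:http, :adapter]` config. In Erlang's `ssl`, `cacerts` takes precedence over `cacertfile`, so a deployment pinned to a private CA file would silently start trusting the whole OS store instead. Only fill the option in when neither key is present, as in the sketch below. Only the `:default` pool is touched, so any other pools an operator configures would presumably keep whatever CA handling they had; a `@doc` line stating that would be worth adding.

```elixir
def maybe_add_cacerts(opts, cacerts) do
  opts
  # … unchanged: pipeline steps maybe_add_pools() through maybe_add_transport_opts() …
  |> update_in([:pools, :default, :conn_opts, :transport_opts], fn transport_opts ->
    # Keep operator-supplied trust anchors; only default to the OS store.
    if Keyword.has_key?(transport_opts, :cacerts) or
         Keyword.has_key?(transport_opts, :cacertfile) do
      transport_opts
    else
      Keyword.put(transport_opts, :cacerts, cacerts)
    end
  end)
end
```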
@@ -82,6 +93,16 @@ defp maybe_add_conn_opts(opts) do
 end
 end
+ defp maybe_add_transport_opts(opts) do
+ transport_opts = get_in(opts, [:pools, :default, :conn_opts, :transport_opts])
+
+ unless is_nil(transport_opts) do
+ opts
+ else
+ put_in(opts, [:pools, :default, :conn_opts, :transport_opts], [])
+ end
+ end
+
 @doc """
 Merge default connection & adapter options with received ones.
 """
diff --git a/mix.exs b/mix.exs
index 6ba361e48..24ee55fc8 100644
--- a/mix.exs
+++ b/mix.exs
@@ -203,7 +203,8 @@ defp deps do
 {:excoveralls, "0.15.1", only: :test},
 {:mox, "~> 1.0", only: :test},
 {:websockex, "~> 0.4.3", only: :test},
- {:dialyxir, "~> 1.0", only: [:dev], runtime: false}
+ {:dialyxir, "~> 1.0", only: [:dev], runtime: false},
+ {:mint, "~> 1.5.1", override: true}
 ] ++ oauth_deps()
 end
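Review bot: `maybe_add_transport_opts/1` in lib/pleroma/http/adapter_helper.ex uses `unless … else`, which reads as a double negative and is flagged by Credo's default checks; the helper is also undocumented. The same logic is clearer as `if is_nil(transport_opts), do: put_in(opts, [:pools, :default, :conn_opts, :transport_opts], []), else: opts`. If the sibling `maybe_add_conn_opts/1` (only its tail is visible in this hunk) uses the same shape, keeping the two consistent is a fair reason to defer. A one-line comment such as `# ensure :transport_opts exists as a keyword list so put_in/3 can descend into it` would still help.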
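Review bot: The new `{:mint, "~> 1.5.1", override: true}` entry in `deps` (mix.exs) forces Mint's version over whatever the other HTTP dependencies declare, and nothing in the patch says why. `override: true` suppresses resolver conflicts, so a later incompatibility would go unnoticed; add a comment like `# <reason Mint 1.5.1 is required>; drop the override once upstream requirements allow it`. The diffstat lists only three files and `mix.lock` is not among them, so the resolved Mint version and checksum are not pinned by this commit; the lockfile update should ship together with it. The `deps` list starts outside the hunk.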