From 2f1992da6340fbe2b7745d55d369210b0cdfb8b1 Mon Sep 17 00:00:00 2001
From: Steven Joseph
Date: Tue, 25 Jan 2022 13:03:53 +1100
Subject: [PATCH 1/3] Fix update as per https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/inets
---
 src/raven.erl | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/src/raven.erl b/src/raven.erl
index 413cc30..c4edfa8 100644
--- a/src/raven.erl
+++ b/src/raven.erl
@@ -65,11 +65,25 @@ capture(Message, Params) ->
 {"User-Agent", UA}
 ],
 ok = httpc:set_options([{ipfamily, Cfg#cfg.ipfamily}]),
- httpc:request(post,
- {Cfg#cfg.uri ++ "/api/store/", Headers, "application/octet-stream", Body},
- [],
- [{body_format, binary}]
- ),
+ httpc:request(
+ post,
+ {Cfg#cfg.uri ++ "/api/store/", Headers, "application/octet-stream", Body},
+ [
+ {
+ ssl,
+ [
+ {verify, verify_peer},
+ {cacertfile, "/etc/ssl/cert.pem"},
+ {depth, 2},
+ {
+ customize_hostname_check,
+ [{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]
+ }
+ ]
+ }
+ ],
+ [{body_format, binary}]
+ ),
 ok.
 -spec user_agent() -> iolist().
From 29f4cd2ffe2ac104e7d3a4eaeb0afc83ed7f9c58 Mon Sep 17 00:00:00 2001
From: Steven Joseph
Date: Tue, 25 Jan 2022 13:40:11 +1100
Subject: [PATCH 2/3] Fix upgrade jsone module
---
 rebar.config | 2 +-
 rebar.lock | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/rebar.config b/rebar.config
index c5003d0..aa4d8b2 100644
--- a/rebar.config
+++ b/rebar.config
@@ -1,5 +1,5 @@
 %% -*- mode: erlang;erlang-indent-level: 4;indent-tabs-mode: nil -*-
 %% ex: ts=4 sw=4 noet syntax=erlang
 {deps, [
- {jsone, "1.2.3"}
+ {jsone, "1.7.0"}
 ]}.
diff --git a/rebar.lock b/rebar.lock
index 121620a..f8141e1 100644
--- a/rebar.lock
+++ b/rebar.lock
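Review bot: In the `src/raven.erl` hunk of patch 1/3 the result of `httpc:request/4` is still discarded and the function ends in `ok.` regardless, so with `{verify, verify_peer}` now enforced any TLS failure (unreadable CA bundle, hostname mismatch, a chain with more intermediates than `{depth, 2}` permits) silently drops the event. I would match the result and report the failure through a path that raven's own error handler does not pick up, e.g. `{error, Reason} -> io:format(standard_error, "raven: event not delivered: ~p~n", [Reason])`. A short comment above the `ssl` options would also help, such as `%% TLS hardening per the EEF Security WG inets guidance: verify the peer chain and hostname`. `capture/2` begins above the hunk, so how callers use its return value is not visible here.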
@@ -1 +1,8 @@ -[{<<"jsone">>,{pkg,<<"jsone">>,<<"1.2.3">>},0}]. +{"1.2.0", +[{<<"jsone">>,{pkg,<<"jsone">>,<<"1.7.0">>},0}]}. +[ +{pkg_hash,[ + {<<"jsone">>, <<"1E3BD7D5DD44BB2EB0797DDDEA1CBF2DDAB8D9F29E499A467CA171C23F5984EA">>}]}, +{pkg_hash_ext,[ + {<<"jsone">>, <<"A3A33712EE6BC8BE10CFA21C7C425A299DE4C5A8533F9F931E577A6D0E8F5DBD">>}]} +].
From 774ad5f2cf5118ff32d4099875ec1ffeffd21d1a Mon Sep 17 00:00:00 2001
From: Steven Joseph
Date: Thu, 27 Jan 2022 08:04:05 +1100
Subject: [PATCH 3/3] Fix allow override of cacertfile path
---
 README.md | 2 ++
 src/raven.erl | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 1058076..25f851a 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,8 @@ generally done in app.config or sys.config.
 {raven, [
 {dsn, "https://PUBLIC_KEY:PRIVATE_KEY@app.getsentry.com/PROJECT_ID"},
 {error_logger, true} % Set to true in order to install the standard error logger
+ % Set cacert file location
+ % {cacertfile, "/etc/ssl/cert.pem"}
 ]}.
 ```
diff --git a/src/raven.erl b/src/raven.erl
index c4edfa8..e121354 100644
--- a/src/raven.erl
+++ b/src/raven.erl
@@ -73,7 +73,7 @@ capture(Message, Params) ->
 ssl,
 [
 {verify, verify_peer},
- {cacertfile, "/etc/ssl/cert.pem"},
+ {cacertfile, application:get_env(raven, cacertfile, "/etc/ssl/cert.pem")},
 {depth, 2},
 {
 customize_hostname_check,
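Review bot: The fallback `"/etc/ssl/cert.pem"` kept in the `src/raven.erl` hunk of patch 3/3 does not exist on every platform (Debian-family systems, for instance, keep the bundle at `/etc/ssl/certs/ca-certificates.crt`), so an installation that never sets `cacertfile` can end up with every HTTPS delivery failing verification. On OTP 25 or later the default could come from the OS trust store instead, e.g. `{cacerts, public_key:cacerts_get()}` when no `cacertfile` is configured; otherwise the README should state that the key must be set wherever the default path is absent. The value is also read straight from the application environment while the neighbouring settings visible in patch 1/3 come from the `#cfg{}` record (`Cfg#cfg.uri`, `Cfg#cfg.ipfamily`), so carrying it in that record would keep configuration in one place. The enclosing `capture/2` starts and ends outside this hunk.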