Thanks, got your response.
I am trying to connect to a “well-known” host and expect this to “just work”.
When I do this:
    {ok, C} = gun:open("stream.bybit.com", 443, #{trace => true}).
then among the trace messages I see this:
    (<0.270.0>) returned from gun:normal_tls_handshake/4 -> {error,
        {options,incompatible,[{verify,verify_peer},{cacerts,undefined}]},
        {state,<0.260.0>,
            {up,#Ref<0.1409967944.4169138179.104785>},
            "stream.bybit.com",443,<<"https">>,
            "stream.bybit.com",443,[],
            #{trace => true},
            undefined,undefined,
            gun_tls,true,
            {ssl,ssl_closed,ssl_error},
            undefined,undefined,undefined,
            gun_default_event_h,
            undefined}} (Timestamp: {1714,799752,553756})
But if I additionally specify cacerts:
    gun:open("stream.bybit.com", 443, #{trace => true, tls_opts => [{cacerts, certifi:cacerts()}]}).
then I get:
=NOTICE REPORT==== 4-May-2024::08:25:08.916337 ===
TLS client: In state wait_cert_cr at ssl_handshake.erl:2127 generated CLIENT ALERT: Fatal - Handshake Failure
- {bad_cert,hostname_check_failed}
=NOTICE REPORT==== 4-May-2024::08:25:08.978566 ===
TLS client: In state wait_cert_cr at ssl_handshake.erl:2127 generated CLIENT ALERT: Fatal - Handshake Failure
- {bad_cert,hostname_check_failed}