Diffstat (limited to 'lib')
-rw-r--r--lib/pleroma/gun/conn.ex24
-rw-r--r--lib/pleroma/http/adapter_helper/gun.ex33
-rw-r--r--lib/pleroma/http/connection.ex13
3 files changed, 42 insertions, 28 deletions
diff --git a/lib/pleroma/gun/conn.ex b/lib/pleroma/gun/conn.ex
index 319718690..57a847c30 100644
--- a/lib/pleroma/gun/conn.ex
+++ b/lib/pleroma/gun/conn.ex
@@ -45,6 +45,7 @@ defmodule Pleroma.Gun.Conn do
|> Map.put_new(:retry, pool_opts[:retry] || 1)
|> Map.put_new(:retry_timeout, pool_opts[:retry_timeout] || 1000)
|> Map.put_new(:await_up_timeout, pool_opts[:await_up_timeout] || 5_000)
+ |> maybe_add_tls_opts(uri)
key = "#{uri.scheme}:#{uri.host}:#{uri.port}"
@@ -70,6 +71,29 @@ defmodule Pleroma.Gun.Conn do
end
end
+ defp maybe_add_tls_opts(opts, %URI{scheme: "http"}), do: opts
+
+ defp maybe_add_tls_opts(opts, %URI{scheme: "https", host: host}) do
+ tls_opts = [
+ verify: :verify_peer,
+ cacertfile: CAStore.file_path(),
+ depth: 20,
+ reuse_sessions: false,
+ verify_fun:
+ {&:ssl_verify_hostname.verify_fun/3,
+ [check_hostname: Pleroma.HTTP.Connection.format_host(host)]}
+ ]
+
+ tls_opts =
+ if Keyword.keyword?(opts[:tls_opts]) do
+ Keyword.merge(tls_opts, opts[:tls_opts])
+ else
+ tls_opts
+ end
+
+ Map.put(opts, :tls_opts, tls_opts)
+ end
+
defp do_open(uri, %{proxy: {proxy_host, proxy_port}} = opts) do
connect_opts =
uri
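Review bot: In `maybe_add_tls_opts/2` the call `Keyword.merge(tls_opts, opts[:tls_opts])` gives the caller-supplied list precedence, so a `:tls_opts` entry carrying `verify: :verify_none` or its own `verify_fun` replaces the peer and hostname checks built just above it. If that override is not meant to be possible, keep the verification keys fixed, e.g. `Keyword.merge(tls_opts, Keyword.drop(opts[:tls_opts], [:verify, :verify_fun]))`; if it is intended, a comment saying so would help the next reader. The function also has clauses only for `"http"` and `"https"`, so any other scheme reaching the new `|> maybe_add_tls_opts(uri)` step in the first hunk raises `FunctionClauseError`. Whether that can happen depends on callers outside this diff.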
diff --git a/lib/pleroma/http/adapter_helper/gun.ex b/lib/pleroma/http/adapter_helper/gun.ex
index 862e851c0..55c2b192a 100644
--- a/lib/pleroma/http/adapter_helper/gun.ex
+++ b/lib/pleroma/http/adapter_helper/gun.ex
@@ -45,21 +45,11 @@ defmodule Pleroma.HTTP.AdapterHelper.Gun do
defp add_scheme_opts(opts, %URI{scheme: "http"}), do: opts
- defp add_scheme_opts(opts, %URI{scheme: "https", host: host}) do
- adapter_opts = [
- certificates_verification: true,
- transport: :tls,
- tls_opts: [
- verify: :verify_peer,
- cacertfile: CAStore.file_path(),
- depth: 20,
- reuse_sessions: false,
- verify_fun: {&:ssl_verify_hostname.verify_fun/3, [check_hostname: format_host(host)]},
- log_level: :warning
- ]
- ]
-
- Keyword.merge(opts, adapter_opts)
+ defp add_scheme_opts(opts, %URI{scheme: "https"}) do
+ opts
+ |> Keyword.put(:certificates_verification, true)
+ |> Keyword.put(:transport, :tls)
+ |> Keyword.put(:tls_opts, log_level: :warning)
end
defp maybe_get_conn(adapter_opts, uri, connection_opts) do
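Review bot: The https clause of `add_scheme_opts/2` now sets `:tls_opts` to only `log_level: :warning`, so peer and hostname verification for these options depends entirely on `Pleroma.Gun.Conn.maybe_add_tls_opts/2` running before the socket is opened. That coupling is not visible from this file; a comment above the clause such as `# verify/cacertfile/verify_fun are merged in by Pleroma.Gun.Conn.maybe_add_tls_opts/2` would record it. It is worth confirming that no request path uses these adapter options without going through `Pleroma.Gun.Conn`, since such a path would rely on `certificates_verification: true` alone; that cannot be checked from the hunk.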
@@ -93,17 +83,4 @@ defmodule Pleroma.HTTP.AdapterHelper.Gun do
|> Keyword.put(:close_conn, false)
end
end
-
- @spec format_host(String.t()) :: charlist()
- def format_host(host) do
- host_charlist = to_charlist(host)
-
- case :inet.parse_address(host_charlist) do
- {:error, :einval} ->
- :idna.encode(host_charlist)
-
- {:ok, _ip} ->
- host_charlist
- end
- end
end
diff --git a/lib/pleroma/http/connection.ex b/lib/pleroma/http/connection.ex
index 777e5d4c8..0fc88f708 100644
--- a/lib/pleroma/http/connection.ex
+++ b/lib/pleroma/http/connection.ex
@@ -106,4 +106,17 @@ defmodule Pleroma.HTTP.Connection do
{:ok, ip} -> ip
end
end
+
+ @spec format_host(String.t()) :: charlist()
+ def format_host(host) do
+ host_charlist = to_charlist(host)
+
+ case :inet.parse_address(host_charlist) do
+ {:error, :einval} ->
+ :idna.encode(host_charlist)
+
+ {:ok, _ip} ->
+ host_charlist
+ end
+ end
end
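Review bot: `format_host/1` is now the public function that produces the `check_hostname` value for TLS verification in `Pleroma.Gun.Conn`, but it has no `@doc`. I would add one stating that IP literals are returned unchanged as a charlist and any other host goes through `:idna.encode/1`, e.g. `@doc "Returns the host as a charlist for TLS hostname checks; non-IP hosts are IDNA-encoded."`. The `@spec` accepts only `String.t()`, while the caller matches `host: host` without a guard, so a URI with no host would presumably reach `:idna.encode/1` with an empty charlist; a `when is_binary(host)` guard would make that fail at the function head instead.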