mix: bump finch and use system cacerts

This upgrade pulls in a fix to better avoid killing re-actived pools, obsoletes the need for our own HTTP2 server push workaround and allows us to use system CA certs without breaking plain HTTP connections. We tried to to the latter before on a per request basis, but this didn’t actually do anything and we actually relied on the CAStore package fallback the entire time. The broken attempt was removed in ed5d609ba4. Resolves: #880
2026-01-27 00:00:00 +00:00 · 2026-01-27 00:00:00 +00:00 · be21f914f4
commit be21f914f4
parent b9eeebdfd7
3 changed files with 7 additions and 9 deletions
--- a/lib/pleroma/http/adapter_helper.ex
+++ b/lib/pleroma/http/adapter_helper.ex
@ -29,13 +29,11 @@ defmodule Pleroma.HTTP.AdapterHelper do
          conn_max_idle_time: Config.get!([:http, :receive_timeout]),
          protocols: Config.get!([:http, :protocols]),
          conn_opts: [
-            # Do NOT add cacerts here as this will cause issues for plain HTTP connections!
-            # (when we upgrade our deps to Mint >= 1.6.0 we can also explicitly enable "inet4: true")
-            transport_opts: [inet6: true],
-            # up to at least version 0.20.0, Finch leaves server_push enabled by default for HTTP2,
-            # but will actually raise an exception when receiving such a response. Tell servers we don't want it.
-            # see: https://github.com/sneako/finch/issues/325
-            client_settings: [enable_push: false]
+            # When we upgrade our deps to Mint >= 1.6.0 we can also explicitly enable "inet4: true"
+            transport_opts: [
+              inet6: true,
+              cacerts: :public_key.cacerts_get()
+            ]
          ]
        ]
      }
--- a/mix.exs
+++ b/mix.exs
@ -146,7 +146,7 @@ defmodule Pleroma.Mixfile do
      {:tesla, "~> 1.16.0"},
      {:castore, "~> 1.0"},
      {:cowlib, "~> 2.12"},
-      {:finch, "~> 0.20.0"},
+      {:finch, "~> 0.21.0"},
      {:jason, "~> 1.4"},
      {:trailing_format_plug, "~> 0.0.7"},
      {:mogrify, "~> 0.9"},
--- a/mix.lock
+++ b/mix.lock
@ -50,7 +50,7 @@
  "fast_sanitize": {:hex, :fast_sanitize, "0.2.3", "67b93dfb34e302bef49fec3aaab74951e0f0602fd9fa99085987af05bd91c7a5", [:mix], [{:fast_html, "~> 2.0", [hex: :fast_html, repo: "hexpm", optional: false]}, {:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "e8ad286d10d0386e15d67d0ee125245ebcfbc7d7290b08712ba9013c8c5e56e2"},
  "file_ex": {:git, "https://akkoma.dev/AkkomaGang/file_ex.git", "cc7067c7d446c2526e9ecf91d40896b088851569", [ref: "cc7067c7d446c2526e9ecf91d40896b088851569"]},
  "file_system": {:hex, :file_system, "1.1.1", "31864f4685b0148f25bd3fbef2b1228457c0c89024ad67f7a81a3ffbc0bbad3a", [:mix], [], "hexpm", "7a15ff97dfe526aeefb090a7a9d3d03aa907e100e262a0f8f7746b78f8f87a5d"},
-  "finch": {:hex, :finch, "0.20.0", "5330aefb6b010f424dcbbc4615d914e9e3deae40095e73ab0c1bb0968933cadf", [:mix], [{:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.6.2 or ~> 1.7", [hex: :mint, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.4 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 1.1", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "2658131a74d051aabfcba936093c903b8e89da9a1b63e430bee62045fa9b2ee2"},
+  "finch": {:hex, :finch, "0.21.0", "b1c3b2d48af02d0c66d2a9ebfb5622be5c5ecd62937cf79a88a7f98d48a8290c", [:mix], [{:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.6.2 or ~> 1.7", [hex: :mint, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.4 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 1.1", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "87dc6e169794cb2570f75841a19da99cfde834249568f2a5b121b809588a4377"},
  "flake_id": {:git, "https://akkoma.dev/AkkomaGang/flake_id.git", "5a68513f7e7353706e788781eff6e56bf00bb41b", [branch: "main"]},
  "floki": {:hex, :floki, "0.38.0", "62b642386fa3f2f90713f6e231da0fa3256e41ef1089f83b6ceac7a3fd3abf33", [:mix], [], "hexpm", "a5943ee91e93fb2d635b612caf5508e36d37548e84928463ef9dd986f0d1abd9"},
  "gen_smtp": {:hex, :gen_smtp, "1.3.0", "62c3d91f0dcf6ce9db71bcb6881d7ad0d1d834c7f38c13fa8e952f4104a8442e", [:rebar3], [{:ranch, ">= 1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "0b73fbf069864ecbce02fe653b16d3f35fd889d0fdd4e14527675565c39d84e6"},