This is an automated email from the ASF dual-hosted git repository. vatamane pushed a commit to branch dont-need-to-set-verify-peer in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit d3119d3abf70377d06b0738f4bfac2af7cf8f6c4 Author: Nick Vatamaniuc <[email protected]> AuthorDate: Fri Mar 20 19:38:01 2026 -0400 Don't need to set verify_peer any longer As of OTP 26 it's the new default. [1] https://www.erlang.org/doc/apps/ssl/ssl.html#t:client_option_cert/0 > The default for Verify was changed to verify_peer in Erlang/OTP 26. --- src/couch_replicator/src/couch_replicator_parse.erl | 3 ++- src/couch_replicator/src/couch_replicator_utils.erl | 1 - 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/couch_replicator/src/couch_replicator_parse.erl b/src/couch_replicator/src/couch_replicator_parse.erl index f2d40acbe..296422432 100644 --- a/src/couch_replicator/src/couch_replicator_parse.erl +++ b/src/couch_replicator/src/couch_replicator_parse.erl @@ -491,7 +491,8 @@ ssl_verify_options(true) -> % https://security.erlef.org/secure_coding_and_deployment_hardening/ssl.html ssl_ca_cert_opts() ++ [ - {verify, verify_peer}, + % as of OTP 26 {verify, verify_peer} is set by default, so don't + % need to explicilty pass it anymore. {customize_hostname_check, [ {match_fun, public_key:pkix_verify_hostname_match_fun(https)} ]} diff --git a/src/couch_replicator/src/couch_replicator_utils.erl b/src/couch_replicator/src/couch_replicator_utils.erl index 5e8187200..d784b8a84 100644 --- a/src/couch_replicator/src/couch_replicator_utils.erl +++ b/src/couch_replicator/src/couch_replicator_utils.erl @@ -355,7 +355,6 @@ check_ssl_certificates(#rep{} = Rep, Type) -> {is_ssl, true}, {ssl_options, [ {cacertfile, CACertFile}, - {verify, verify_peer}, {customize_hostname_check, [ {match_fun, public_key:pkix_verify_hostname_match_fun(https)} ]},
