self signed certs fail in otp 26 #200

@csrl

PR #194 "Detect Self Signed Certificate Authority for Kubernetes Strategy" added support for using /run/secrets/kubernetes.io/serviceaccount/ca.crt as the cacert when making httpc connections. However, OTP 26 returns a selfsigned_peer error if that ca.crt is the actual certificate being served by Kubernetes. It is necessary to provide a custom verify_fun handler in the ssl options in order to actually allow the ca.crt to be served, vs. being the issuer of the actual served certificate.

In other words, the title of the PR is misleading and does not solve what is stated. #194 does add support for certificate validation using the Kubernetes certificate authority, which is good. But it'd be useful for some scenarios to actually support an actual self-signed peer certificate as well.

See also erlang/otp#8057
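
An added example, not from the issue author or the project: one way to write the `verify_fun` the issue asks for, so that `selfsigned_peer` is tolerated only when the served certificate is exactly the pinned `ca.crt`. The module name `pinned_selfsigned`, the function names, and the choice to pin the first certificate in the file are assumptions made for illustration.

```erlang
%% Added example (hypothetical module, not the project's code).
-module(pinned_selfsigned).
-export([ssl_opts/1, verify/3]).

%% Build ssl options for httpc. CaFile is the PEM file to trust, e.g. the
%% service account ca.crt path mentioned in the issue.
%% Assumption: the first certificate in the file is the one to pin.
ssl_opts(CaFile) ->
    {ok, Pem} = file:read_file(CaFile),
    [{'Certificate', Der, not_encrypted} | _] = public_key:pem_decode(Pem),
    %% Decode the same way ssl does, so the records can be compared directly.
    Pinned = public_key:pkix_decode_cert(Der, otp),
    [{verify, verify_peer},
     {cacertfile, CaFile},
     {verify_fun, {fun ?MODULE:verify/3, Pinned}}].

%% Called by ssl during path validation. The user state is the pinned
%% certificate. Only a self-signed peer that is identical to the pinned
%% certificate is accepted; every other failure is passed through.
verify(Cert, {bad_cert, selfsigned_peer}, Pinned) when Cert =:= Pinned ->
    {valid, Pinned};
verify(_Cert, {bad_cert, _} = Reason, _Pinned) ->
    {fail, Reason};
verify(_Cert, {extension, _}, Pinned) ->
    {unknown, Pinned};
verify(_Cert, valid, Pinned) ->
    {valid, Pinned};
verify(_Cert, valid_peer, Pinned) ->
    {valid, Pinned}.

%% Usage with httpc (Url is a placeholder):
%%   SslOpts = pinned_selfsigned:ssl_opts(CaFile),
%%   httpc:request(get, {Url, []}, [{ssl, SslOpts}], []).
```

A certificate issued by the CA in `ca.crt` still validates through the normal chain path; the extra clause only covers the case where the server presents that certificate itself.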
