SSL warnings during bootstrap

[saleyn]

A bootstrap of a fresh clone under Erlang 24 produces the warnings:

$ ./bootstrap 
./bootstrap:759:18: Warning: http_uri:parse/2 is deprecated and will be removed in OTP 25; use uri_string functions instead
=WARNING REPORT==== 24-Jun-2021::10:02:36.560475 ===
Description: "Authenticity is not established by certificate path validation"
     Reason: "Option {verify, verify_peer} and cacertfile/cacerts is missing"

[ferd]

Yes, this is expected because we need to go download the certifi app that contains the certificate bundle we use after that. There is no cert bundle to be passed prior to that.

The warning isn't avoidable unless we run options to use the local OS CA bundle, which we should at least add to the CI process but can't easily do in a portable manner without a lot of extra code.

[saleyn]

The first warning though is avoidable by calling uri_string.
Maybe pass the {verify, verify_none} option to avoid the second?

[ferd]

The uri_string warning is not avoidable because it's using a dynamic call in a try...catch to support many versions.

[saleyn]

The uri_string warning is not avoidable because it's using a dynamic call in a try...catch to support many versions.

I see that it's already properly handled in the version-specific way with the OTP_RELEASE macro in rebar_uri:parse/1. Why wouldn't bootstrap call that function instead, which would effectively eliminate the warning?

[ferd]

Yeah that should work. I generally avoid that in rebar3 calls because rebar3 might be built on a different version than what runs, but bootstrap is always on an immediate run and should be skippable. I'll make a PR with that and edit this comment with it.

Edit PR: #2585