One of the things we do during the tests is change the config. But that's global state and different tests were interfering.
E.g. one test would set `clear_config([:instance, :admin_privileges], [:statuses_read])`, but while that runs, another test may
do `clear_config([:instance, :admin_privileges], [:user_invite])`. Now the code for the first test checks the setting, and it
finds `:user_invite` instead of `:statuses_read`.
Now the modules where this happens are marked to run synchronously, so they don't interfere with each other.
The list of TLS versions was added by
8bd2b6eb13 when hackney version was
pinned to 1.15.2. Later hackney version was upgraded
(166455c884) but the list of TLS
versions wasn't removed. From the hackney point of view, this list has
been replaced by the OTP defaults since 0.16.0
(734694ea4e24f267864c459a2f050e943adc6694).
It looks like the same issue already occurred before:
0cb7b0ea84.
A way to test this issue (where example.com is an ActivityPub site
which uses TLSv1.3 only):
$ PLEROMA_CONFIG_PATH=/path/to/config.exs pleroma start_iex
Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]
Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]
Interactive Elixir (1.10.4) - press Ctrl+C to exit (type h() ENTER for help)
iex(pleroma@127.0.0.1)2> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
{:error,
{:tls_alert,
{:protocol_version,
'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}
With this patch, the output is the expected one:
iex(pleroma@127.0.0.1)3> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
{:error,
{:ok,
%{
"@context" => [
"https://www.w3.org/ns/activitystreams",
"https://w3id.org/security/v1",
%{
"Emoji" => "toot:Emoji",
"Hashtag" => "as:Hashtag",
"atomUri" => "ostatus:atomUri",
"conversation" => "ostatus:conversation",
"featured" => "toot:featured",
"focalPoint" => %{"@container" => "@list", "@id" => "toot:focalPoint"},
"inReplyToAtomUri" => "ostatus:inReplyToAtomUri",
"manuallyApprovesFollowers" => "as:manuallyApprovesFollowers",
"movedTo" => "as:movedTo",
"ostatus" => "http://ostatus.org#",
"sensitive" => "as:sensitive",
"toot" => "http://joinmastodon.org/ns#"
}
],
"endpoints" => %{"sharedInbox" => "https://example.com/inbox"},
"followers" => "https://example.com/@/Nick/followers",
"following" => nil,
"icon" => %{
"type" => "Image",
"url" => "https://example.com/static/media/[...].png"
},
"id" => "https://example.com/@/Nick/",
"inbox" => "https://example.com/@/Nick/inbox",
"liked" => nil,
"name" => "Nick",
"outbox" => "https://example.com/@/Nick/outbox",
"preferredUsername" => "Nick",
"publicKey" => %{
"id" => "https://example.com/@/Nick/#main-key",
"owner" => "https://example.com/@/Nick/",
"publicKeyPem" => "[...]
},
"summary" => "",
"type" => "Person",
"url" => "https://example.com/@/Nick/"
}}
A way to test the reverse proxy bits of this issue (where example.com allows TLSv1.3 only):
iex(pleroma@127.0.0.1)1> Pleroma.ReverseProxy.Client.Hackney.request("GET", "https://example.com", [], [])
{:error,
{:tls_alert,
{:protocol_version,
'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}