Merge pull request #4121 from esl/support-erlang-26

Support for Erlang 26
esl · Oct 5, 2023 · 8307632 · 8307632
2 parents 2ea4207 + a19d783
commit 8307632
Show file tree

Hide file tree

Showing 33 changed files with 336 additions and 306 deletions.
diff --git a/.circleci/template.yml b/.circleci/template.yml
diff --git a/big_tests/dynamic_domains.config b/big_tests/dynamic_domains.config
@@ -87,7 +87,8 @@
         {transport, escalus_ws},
         {ssl, true},
         {port, 5285},
-        {wspath, <<"/ws-xmpp">>}]},
+        {wspath, <<"/ws-xmpp">>},
+        {ssl_opts, [{verify, verify_none}]}]},
     {carol_s, [
         {username, <<"carol_s">>},
         {server, <<"domain.example.com">>},
@@ -96,7 +97,8 @@
         {transport, escalus_bosh},
         {ssl, true},
         {path, <<"/http-bind">>},
-        {port, 5285}]},
+        {port, 5285},
+        {ssl_opts, [{verify, verify_none}]}]},
     {kate, [
         {username, <<"kate">>},
         {server, <<"domain.example.com">>},

diff --git a/big_tests/rebar.config b/big_tests/rebar.config
@@ -19,7 +19,7 @@
         {escalus, "4.2.10"},
         {cowboy, "2.9.0"},
         {csv, "3.0.3", {pkg, csve}},
-        {amqp_client, "3.11.6"},
+        {amqp_client, "3.12.6"},
         {esip, "1.0.48"},
         {jid, "2.0.0", {pkg, mongoose_jid}}
 ]}.
diff --git a/big_tests/rebar.lock b/big_tests/rebar.lock
@@ -1,12 +1,12 @@
 {"1.2.0",
-[{<<"amqp_client">>,{pkg,<<"amqp_client">>,<<"3.11.6">>},0},
+[{<<"amqp_client">>,{pkg,<<"amqp_client">>,<<"3.12.6">>},0},
  {<<"base16">>,{pkg,<<"base16">>,<<"2.0.1">>},0},
  {<<"bbmustache">>,{pkg,<<"bbmustache">>,<<"1.12.2">>},0},
  {<<"cowboy">>,{pkg,<<"cowboy">>,<<"2.9.0">>},0},
  {<<"cowlib">>,{pkg,<<"cowlib">>,<<"2.11.0">>},1},
  {<<"credentials_obfuscation">>,
-  {pkg,<<"credentials_obfuscation">>,<<"3.2.0">>},
-  2},
+  {pkg,<<"credentials_obfuscation">>,<<"3.4.0">>},
+  1},
  {<<"csv">>,{pkg,<<"csve">>,<<"3.0.3">>},0},
  {<<"escalus">>,{pkg,<<"escalus">>,<<"4.2.10">>},0},
  {<<"esip">>,{pkg,<<"esip">>,<<"1.0.48">>},0},
@@ -24,22 +24,22 @@
  {<<"p1_utils">>,{pkg,<<"p1_utils">>,<<"1.0.25">>},1},
  {<<"proper">>,{pkg,<<"proper">>,<<"1.4.0">>},0},
  {<<"quickrand">>,{pkg,<<"quickrand">>,<<"2.0.5">>},2},
- {<<"rabbit_common">>,{pkg,<<"rabbit_common">>,<<"3.11.6">>},1},
+ {<<"rabbit_common">>,{pkg,<<"rabbit_common">>,<<"3.12.6">>},1},
  {<<"ranch">>,{pkg,<<"ranch">>,<<"1.8.0">>},1},
  {<<"recon">>,{pkg,<<"recon">>,<<"2.5.3">>},2},
  {<<"stringprep">>,{pkg,<<"stringprep">>,<<"1.0.27">>},1},
  {<<"stun">>,{pkg,<<"stun">>,<<"1.2.6">>},1},
- {<<"thoas">>,{pkg,<<"thoas">>,<<"0.4.0">>},2},
+ {<<"thoas">>,{pkg,<<"thoas">>,<<"1.0.0">>},2},
  {<<"uuid">>,{pkg,<<"uuid_erl">>,<<"2.0.5">>},1},
  {<<"worker_pool">>,{pkg,<<"worker_pool">>,<<"6.0.1">>},1}]}.
 [
 {pkg_hash,[
- {<<"amqp_client">>, <<"DB2C61408276A08C35C3C05C0B7309E2F25BF8F8E30612B7F45794961859592F">>},
+ {<<"amqp_client">>, <<"B0050183BB4CFBD5B3F9A3276689DFA135A196AEDC3584110F231B2CE04B0426">>},
  {<<"base16">>, <<"F0549F732E03BE8124ED0D19FD5EE52146CC8BE24C48CBC3F23AB44B157F11A2">>},
  {<<"bbmustache">>, <<"0CABDCE0DB9FE6D3318131174B9F2B351328A4C0AFBEB3E6E99BB0E02E9B621D">>},
  {<<"cowboy">>, <<"865DD8B6607E14CF03282E10E934023A1BD8BE6F6BACF921A7E2A96D800CD452">>},
  {<<"cowlib">>, <<"0B9FF9C346629256C42EBE1EEB769A83C6CB771A6EE5960BD110AB0B9B872063">>},
- {<<"credentials_obfuscation">>, <<"BECF48ED7C96938600F88F486031BCBF9B9C4E3353CC314CA131C347C4C7815C">>},
+ {<<"credentials_obfuscation">>, <<"34E18B126B3AEFD6E8143776FBE1CECEEA6792307C99AC5EE8687911F048CFD7">>},
  {<<"csv">>, <<"69E7D9B3FDC72016644368762C6A3E6CBFEB85BCCADBF1BD99AB6C827E360E04">>},
  {<<"escalus">>, <<"3640C7EA77BCE0E5191751D9A02EF3A68CD0005F2705EC19026DFD96577D0434">>},
  {<<"esip">>, <<"3B3B3AFC798BE9458517D4FD2730674322368E54C2C1211AA630327354946D1B">>},
@@ -57,21 +57,21 @@
  {<<"p1_utils">>, <<"2D39B5015A567BBD2CC7033EEB93A7C60D8C84EFE1EF69A3473FAA07FA268187">>},
  {<<"proper">>, <<"89A44B8C39D28BB9B4BE8E4D715D534905B325470F2E0EC5E004D12484A79434">>},
  {<<"quickrand">>, <<"06FCAD85CB47D5C85C51D6BC9C84A082501BA098A89D64AD0A2F69599E034C04">>},
- {<<"rabbit_common">>, <<"2FF756A961212BCC85BBFFAE502123B6F0A82B464B988C10A60E811817C798A4">>},
+ {<<"rabbit_common">>, <<"FEBD37E11483F94B614CD636C1EDBCE1099FF64866598F75D0A624D3A60437C6">>},
  {<<"ranch">>, <<"8C7A100A139FD57F17327B6413E4167AC559FBC04CA7448E9BE9057311597A1D">>},
  {<<"recon">>, <<"739107B9050EA683C30E96DE050BC59248FD27EC147696F79A8797FF9FA17153">>},
  {<<"stringprep">>, <<"02808C7024BC6285CA6A8A67E7ADDFC16F35DDA55551A582C5181D8EA960E890">>},
  {<<"stun">>, <<"5D1978D340EA20EFB28BC1E58779A3A1D64568C66168DB4D20692E76CE813D5E">>},
- {<<"thoas">>, <<"86A72CCDC5EC388A13F9F843BCD6C1076640233B95440E47FFB8E3C0DBDB5A17">>},
+ {<<"thoas">>, <<"567C03902920827A18A89F05B79A37B5BF93553154B883E0131801600CF02CE0">>},
  {<<"uuid">>, <<"60FAEEB7EDFD40847ED13CB0DD1044BAABE4E79A00C0CA9C4D13A073914B1016">>},
  {<<"worker_pool">>, <<"CA262C2DFB3B4AF661B206C82065D86F83922B7227508AA6E0BC34D3E5AE5135">>}]},
 {pkg_hash_ext,[
- {<<"amqp_client">>, <<"5D81AA7B6900B9E60B7F3B2EE5C0F6E4C4AF9A2250FA7ECD78EC2DE8AA08477A">>},
+ {<<"amqp_client">>, <<"B856F6404E7AF98C90DA870C8CE50D1380F13F2CEE02F16564B5CC5142BAE308">>},
  {<<"base16">>, <<"06EA2D48343282E712160BA89F692B471DB8B36ABE8394F3445FF9032251D772">>},
  {<<"bbmustache">>, <<"688B33A4D5CC2D51F575ADF0B3683FC40A38314A2F150906EDCFC77F5B577B3B">>},
  {<<"cowboy">>, <<"2C729F934B4E1AA149AFF882F57C6372C15399A20D54F65C8D67BEF583021BDE">>},
  {<<"cowlib">>, <<"2B3E9DA0B21C4565751A6D4901C20D1B4CC25CBB7FD50D91D2AB6DD287BC86A9">>},
- {<<"credentials_obfuscation">>, <<"FE8ECE91A1BA6C8A08EB1063CFD5B063A723C5FE29A1FAD6B7CBD76CB18D2EEB">>},
+ {<<"credentials_obfuscation">>, <<"738ACE0ED5545D2710D3F7383906FC6F6B582D019036E5269C4DBD85DBCED566">>},
  {<<"csv">>, <<"741D1A55AABADAA3E0FE13051050101A73E90C4570B9F9403A939D9546813521">>},
  {<<"escalus">>, <<"08A84CAB2EDCE5F69EA5B93F039E6D7047FB3FF10CBD5B5AB855EE3144743B56">>},
  {<<"esip">>, <<"02B9FC6E071415CBC62105F5115AEB68D11184BDAD3960DA7B62EA3E99E7FCCF">>},
@@ -89,12 +89,12 @@
  {<<"p1_utils">>, <<"9219214428F2C6E5D3187FF8EB9A8783695C2427420BE9A259840E07ADA32847">>},
  {<<"proper">>, <<"18285842185BD33EFBDA97D134A5CB5A0884384DB36119FEE0E3CFA488568CBB">>},
  {<<"quickrand">>, <<"252CF0493570EBF1A58985CB71990982CDDCD4396B6427F1E10CF58924C1C052">>},
- {<<"rabbit_common">>, <<"9C04068470FFC5FCE988186295EBCD7970996746CECE4AAA30585F97DCD8EE11">>},
+ {<<"rabbit_common">>, <<"D85282C8C9BE456B42AA4B265EDE68D176CA8A28DFCF1D521BE19267167C0DC3">>},
  {<<"ranch">>, <<"49FBCFD3682FAB1F5D109351B61257676DA1A2FDBE295904176D5E521A2DDFE5">>},
  {<<"recon">>, <<"6C6683F46FD4A1DFD98404B9F78DCABC7FCD8826613A89DCB984727A8C3099D7">>},
  {<<"stringprep">>, <<"A5967B1144CA8002A58A03D16DD109FBD0BCDB82616CEAD2F983944314AF6A00">>},
  {<<"stun">>, <<"21AED098457E5099E925129459590592E001C470CF7503E5614A7A6B688FF146">>},
- {<<"thoas">>, <<"442296847ACA11DB8D25180693D7CA3073D6D7179F66952F07B16415306513B6">>},
+ {<<"thoas">>, <<"FC763185B932ECB32A554FB735EE03C3B6B1B31366077A2427D2A97F3BD26735">>},
  {<<"uuid">>, <<"E54373262CA88401689277947C54B95E9ECBC977BD5C57C9DD44AD9DA278E360">>},
  {<<"worker_pool">>, <<"772E12CCB26909EA7F804B52E86E733DF66BB8150F683B591B0A762196494C74">>}]}
 ].
diff --git a/big_tests/test.config b/big_tests/test.config
@@ -118,7 +118,8 @@
         {transport, escalus_bosh},
         {ssl, true},
         {path, <<"/http-bind">>},
-        {port, 5285}]},
+        {port, 5285},
+        {ssl_opts, [{verify, verify_none}]}]},
     {kate, [
         {username, <<"kate">>},
         {server, <<"localhost">>},
@@ -145,7 +146,8 @@
         {transport, escalus_ws},
         {ssl, true},
         {port, 5285},
-        {wspath, <<"/ws-xmpp">>}]},
+        {wspath, <<"/ws-xmpp">>},
+        {ssl_opts, [{verify, verify_none}]}]},
     {hacker, [
         {username, <<"hacker">>},
         {server, <<"localhost">>},

diff --git a/big_tests/tests/bosh_SUITE.erl b/big_tests/tests/bosh_SUITE.erl
@@ -173,7 +173,7 @@ create_and_terminate_session(Config) ->
                        {[global, data, xmpp, sent, xml_stanza_size], changed},
                        {[global, data, xmpp, received, c2s, bosh], changed},
                        {[global, data, xmpp, sent, c2s, bosh], changed},
-                       {[global, data, xmpp, received, c2s, tcp], 0}, 
+                       {[global, data, xmpp, received, c2s, tcp], 0},
                        {[global, data, xmpp, sent, c2s, tcp], 0}],
     PreStoryData = escalus_mongooseim:pre_story([{mongoose_metrics, MongooseMetrics}]),
     NamedSpecs = escalus_config:get_config(escalus_users, Config),
@@ -315,7 +315,13 @@ get_fusco_connection(Config) ->
     Path = proplists:get_value(path, CarolSpec),
     Port = proplists:get_value(port, CarolSpec),
     UseSSL = proplists:get_value(ssl, CarolSpec, false),
-    {ok, Client} = fusco_cp:start_link({binary_to_list(Host), Port, UseSSL}, [], 1),
+    Opts = case UseSSL of
+        true ->
+            [{connect_options, [{verify, verify_none}]}];
+        false ->
+            []
+    end,
+    {ok, Client} = fusco_cp:start_link({binary_to_list(Host), Port, UseSSL}, Opts, 1),
     {Server, Path, Client}.
 
 stream_error(Config) ->

diff --git a/big_tests/tests/connect_SUITE.erl b/big_tests/tests/connect_SUITE.erl
@@ -28,11 +28,13 @@
     [ct:fail("ASSERT EQUAL~n\tExpected ~p~n\tValue ~p~n", [(E), (V)])
      || (E) =/= (V)])).
 -define(SECURE_USER, secure_joe).
+-define(CACERT_FILE, "priv/ssl/cacert.pem").
 -define(CERT_FILE, "priv/ssl/fake_server.pem").
 -define(DH_FILE, "priv/ssl/fake_dh_server.pem").
 
 -import(distributed_helper, [mim/0,
                              mim2/0,
+                             mim3/0,
                              require_rpc_nodes/1,
                              rpc/4]).
 -import(domain_helper, [domain/0]).
@@ -344,7 +346,7 @@ clients_can_connect_with_advertised_ciphers(Config) ->
 stream_features_test(Config) ->
     UserSpec = escalus_fresh:freshen_spec(Config, ?SECURE_USER),
     List = [start_stream, stream_features, {?MODULE, verify_features}],
-    escalus_connection:start(UserSpec, List),
+    escalus_connection:start(UserSpec ++ [{ssl_opts, [{verify, verify_none}]}], List),
     ok.
 
 verify_features(Conn, Features) ->
@@ -367,7 +369,7 @@ metrics_test(Config) ->
                        {[global, data, xmpp, received, c2s, tls], changed},
                        {[global, data, xmpp, sent, c2s, tls], changed},
                        %% TCP traffic before starttls
-                       {[global, data, xmpp, received, c2s, tcp], changed}, 
+                       {[global, data, xmpp, received, c2s, tcp], changed},
                        {[global, data, xmpp, sent, c2s, tcp], changed}],
     PreStoryData = escalus_mongooseim:pre_story([{mongoose_metrics, MongooseMetrics}]),
     tls_authenticate(Config),
@@ -378,12 +380,13 @@ tls_authenticate(Config) ->
     UserSpec = escalus_fresh:create_fresh_user(Config, ?SECURE_USER),
     ConnetctionSteps = [start_stream, stream_features, maybe_use_ssl, authenticate],
     %% when
-    {ok, Conn, _} = escalus_connection:start(UserSpec, ConnetctionSteps),
+    {ok, Conn, _} = escalus_connection:start(UserSpec ++ [{ssl_opts, [{verify, verify_none}]}], ConnetctionSteps),
     % then
     true = escalus_tcp:is_using_ssl(Conn#client.rcv_pid).
 
 auth_bind_pipelined_session(Config) ->
-    UserSpec = [{ssl, true}, {parser_opts, [{start_tag, <<"stream:stream">>}]}
+    UserSpec = [{ssl, true}, {parser_opts, [{start_tag, <<"stream:stream">>}]},
+                {ssl_opts, [{verify, verify_none}]}
                 | escalus_fresh:create_fresh_user(Config, alice)],
 
     Username = proplists:get_value(username, UserSpec),
@@ -410,6 +413,7 @@ auth_bind_pipelined_session(Config) ->
 
 auth_bind_pipelined_auth_failure(Config) ->
     UserSpec = [{password, <<"badpassword">>}, {ssl, true},
+                {ssl_opts, [{verify, verify_none}]},
                 {parser_opts, [{start_tag, <<"stream:stream">>}]}
                 | escalus_fresh:freshen_spec(Config, alice)],
 
@@ -441,7 +445,8 @@ auth_bind_pipelined_starttls_skipped_error(Config) ->
                    AuthResponse).
 
 bind_server_generated_resource(Config) ->
-    UserSpec = [{resource, <<>>} | escalus_fresh:create_fresh_user(Config, ?SECURE_USER)],
+    UserSpec = [{resource, <<>>}, {ssl_opts, [{verify, verify_none}]}
+                | escalus_fresh:create_fresh_user(Config, ?SECURE_USER)],
     ConnectionSteps = [start_stream, stream_features, maybe_use_ssl, authenticate, bind],
     {ok, #client{props = NewSpec}, _} = escalus_connection:start(UserSpec, ConnectionSteps),
     {resource, Resource} = lists:keyfind(resource, 1, NewSpec),
@@ -620,19 +625,34 @@ c2s_port(Config) ->
         Value -> Value
     end.
 
+get_node(Port) ->
+    Mim2Port = ct:get_config({hosts, mim2, c2s_tls_port}),
+    Mim3Port = ct:get_config({hosts, mim3, c2s_tls_port}),
+    case Port of
+        Mim2Port ->
+            mim2();
+        Mim3Port ->
+            mim3();
+        _ ->
+            mim()
+    end.
+
 ciphers_available_in_os() ->
     CiphersStr = os:cmd("openssl ciphers 'ALL:eNULL'"),
     [string:strip(C, both, $\n) || C <- string:tokens(CiphersStr, ":")].
 
 ciphers_working_with_ssl_clients(Config) ->
     Port = c2s_port(Config),
+    Path = rpc(get_node(Port), os, getenv, ["PWD"]),
+    CertPath = Path ++ "/" ++ ?CERT_FILE,
     lists:filter(fun(Cipher) ->
-                         openssl_client_can_use_cipher(Cipher, Port)
+                         openssl_client_can_use_cipher(Cipher, Port, CertPath)
                  end, ciphers_available_in_os()).
 
-openssl_client_can_use_cipher(Cipher, Port) ->
+openssl_client_can_use_cipher(Cipher, Port, Path) ->
     PortStr = integer_to_list(Port),
     Cmd = "echo '' | openssl s_client -connect localhost:" ++ PortStr ++
+          " -cert \"" ++ Path ++ "\""
           " -cipher \"" ++ Cipher ++ "\" -tls1_2 2>&1",
     Output = os:cmd(Cmd),
     0 == string:str(Output, ":error:") andalso 0 == string:str(Output, "errno=0").
@@ -652,12 +672,12 @@ configure_c2s_listener(Config, ExtraC2SOpts) ->
     mongoose_helper:restart_listener(mim(), NewC2SListener).
 
 tls_opts(Mode, Config) ->
-    ExtraOpts = #{mode => Mode, certfile => ?CERT_FILE, dhfile => ?DH_FILE},
+    ExtraOpts = #{mode => Mode, cacertfile => ?CACERT_FILE, certfile => ?CERT_FILE, dhfile => ?DH_FILE},
     Module = proplists:get_value(tls_module, Config, fast_tls),
     maps:merge(default_c2s_tls(Module), ExtraOpts).
 
 set_secure_connection_protocol(UserSpec, Version) ->
-    [{ssl_opts, [{versions, [Version]}]} | UserSpec].
+    [{ssl_opts, [{versions, [Version]}, {verify, verify_none}]} | UserSpec].
 
 connect_to_invalid_host(Spec) ->
     {ok, Conn, _} = escalus_connection:start(Spec, [{?MODULE, connect_to_invalid_host}]),

diff --git a/big_tests/tests/graphql_gdpr_SUITE.erl b/big_tests/tests/graphql_gdpr_SUITE.erl
@@ -132,7 +132,7 @@ admin_gdpr_access_denied_filename_is_a_directory(Config) ->
         fun admin_gdpr_access_denied_filename_is_a_directory/2).
 
 admin_gdpr_access_denied_filename_is_a_directory(Config, Alice) ->
-    Filename = "//",
+    Filename = "./",
     Res = admin_retrieve_personal_data(escalus_client:username(Alice), escalus_client:server(Alice),
                                        list_to_binary(Filename), Config),
     ?assertEqual(<<"location_is_a_directory_error">>, get_err_code(Res)).

diff --git a/big_tests/tests/login_SUITE.erl b/big_tests/tests/login_SUITE.erl
@@ -435,13 +435,16 @@ configure_c2s_listener(Config) ->
 create_tls_users(Config) ->
    Config1 = escalus:create_users(Config, escalus:get_users([alice, neustradamus])),
    Users = proplists:get_value(escalus_users, Config1, []),
-   NSpec = lists:keydelete(starttls, 1, proplists:get_value(neustradamus, Users)),
-   NSpec2 = {neustradamus, lists:keystore(ssl, 1, NSpec, {ssl, true})},
-   NewUsers = lists:keystore(neustradamus, 1, Users, NSpec2),
-   AliceSpec = proplists:get_value(alice, Users),
-   AliceSpec2 = {alice, lists:keystore(ssl, 1, AliceSpec, {ssl, true})},
-   NewUsers2 = lists:keystore(alice, 1, NewUsers, AliceSpec2),
-   lists:keystore(escalus_users, 1, Config1, {escalus_users, NewUsers2}).
+   Users1 = prepare_user_for_ssl(Users, neustradamus),
+   Users2 = prepare_user_for_ssl(Users1, alice),
+   lists:keystore(escalus_users, 1, Config1, {escalus_users, Users2}).
+
+prepare_user_for_ssl(Users, User) ->
+   UserSpec = proplists:get_value(User, Users),
+   UserSpec1 = lists:keydelete(starttls, 1, UserSpec),
+   UserSpec2 = lists:keystore(ssl, 1, UserSpec1, {ssl, true}),
+   UserSpec3 = lists:keystore(ssl_opts, 1, UserSpec2, {ssl_opts, [{verify, verify_none}]}),
+   lists:keystore(User, 1, Users, {User, UserSpec3}).
 
 delete_tls_users(Config) ->
     escalus:delete_users(Config, escalus:get_users([alice, neustradamus])).

diff --git a/big_tests/tests/push_integration_SUITE.erl b/big_tests/tests/push_integration_SUITE.erl
@@ -133,7 +133,8 @@ init_per_suite(Config) ->
     mongoose_push_mock:start(Config),
     Port = mongoose_push_mock:port(),
     PoolOpts = #{strategy => available_worker, workers => 20},
-    ConnOpts = #{host => "https://localhost:" ++ integer_to_list(Port), request_timeout => 2000},
+    ConnOpts = #{host => "https://localhost:" ++ integer_to_list(Port), request_timeout => 2000,
+                 tls => #{verify_mode => none}},
     Pool = config([outgoing_pools, http, mongoose_push_http], #{opts => PoolOpts, conn_opts => ConnOpts}),
     [{ok, _Pid}] = rpc(?RPC_SPEC, mongoose_wpool, start_configured_pools, [[Pool]]),
     ConfigWithModules = dynamic_modules:save_modules(domain(), Config),

diff --git a/big_tests/tests/rest_client_SUITE.erl b/big_tests/tests/rest_client_SUITE.erl
@@ -1125,7 +1125,8 @@ is_participant(User, Role, RoomInfo) ->
 
 connect_to_sse(User) ->
     Port = ct:get_config({hosts, mim, http_api_client_endpoint_port}),
-    sse_helper:connect_to_sse(Port, "/api/sse", credentials(User), #{transport => tls}).
+    sse_helper:connect_to_sse(Port, "/api/sse", credentials(User), #{transport => tls,
+        tls_opts => [{verify, verify_none}]}).
 
 assert_json_message(Sent, Received) ->
     #{<<"body">> := Body,

diff --git a/big_tests/tests/rest_helper.erl b/big_tests/tests/rest_helper.erl
@@ -179,7 +179,13 @@ fusco_request(#{ role := Role, method := Method, path := Path, body := Body, ser
     fusco_request(Method, Path, Body, Headers, get_port(Role, Server, Params), get_ssl_status(Role, Server), Params).
 
 fusco_request(Method, Path, Body, HeadersIn, Port, SSL, Params) ->
-    {ok, Client} = fusco_cp:start_link({"localhost", Port, SSL}, [], 1),
+    Opts = case SSL of
+        true ->
+            [{connect_options, [{verify, verify_none}]}];
+        false ->
+            []
+    end,
+    {ok, Client} = fusco_cp:start_link({"localhost", Port, SSL}, Opts, 1),
     Headers = [{<<"Content-Type">>, <<"application/json">>},
                {<<"Request-Id">>, random_request_id()} | HeadersIn],
     {ok, Result} = fusco_cp:request(Client, Path, Method, Headers, Body, 2, 10000),

diff --git a/big_tests/tests/s2s_SUITE.erl b/big_tests/tests/s2s_SUITE.erl
@@ -355,7 +355,7 @@ connection_args(FromServer, RequestedName, Config) ->
      {requested_name, RequestedName},
      {starttls, required},
      {port, ct:get_config({hosts, fed, incoming_s2s_port})},
-     {ssl_opts, [{versions, ['tlsv1.2']}, {certfile, CertFile}, {keyfile, KeyFile}]}].
+     {ssl_opts, [{versions, ['tlsv1.2']}, {verify, verify_none}, {certfile, CertFile}, {keyfile, KeyFile}]}].
 
 s2s_start_stream_with_wrong_namespace(Conn = #client{props = Props}, Features) ->
     Start = s2s_stream_start_stanza(Props, fun(Attrs) -> Attrs#{<<"xmlns">> => <<"42">>} end),

diff --git a/big_tests/tests/sasl_external_SUITE.erl b/big_tests/tests/sasl_external_SUITE.erl
@@ -337,7 +337,8 @@ no_cert_fails_to_authenticate(_C) ->
                 {password, <<"break_me">>},
                 {resource, <<>>}, %% Allow the server to generate the resource
                 {auth, {escalus_auth, auth_sasl_external}},
-                {starttls, required}],
+                {starttls, required},
+                {ssl_opts, [{fail_if_no_peer_cert, false}, {verify, verify_none}]}],
 
     Result = escalus_connection:start(UserSpec),
     ?assertMatch({error, {connection_step_failed, _, _}}, Result),
@@ -417,7 +418,8 @@ generate_user(C, User, Transport) ->
               {resource, <<>>}, %% Allow the server to generate the resource
               {auth, {escalus_auth, auth_sasl_external}},
               {transport, Transport},
-              {ssl_opts, [{versions, ['tlsv1.2']},
+              {ssl_opts, [{verify, verify_none},
+                          {versions, ['tlsv1.2']},
                           {certfile, maps:get(cert, UserCert)},
                           {keyfile, maps:get(key, UserCert)}]}],
     Common ++ transport_specific_options(Transport)

diff --git a/big_tests/tests/service_domain_db_SUITE.erl b/big_tests/tests/service_domain_db_SUITE.erl
@@ -972,9 +972,11 @@ rest_can_enable_domain(Config) ->
 
 rest_can_select_domain(Config) ->
     rest_put_domain(Config, <<"example.db">>, <<"type1">>),
+    {HttpStatus, {Info}} = rest_select_domain(Config, <<"example.db">>),
+    SortedResult = {HttpStatus, {lists:sort(Info)}},
     {{<<"200">>, <<"OK">>},
-     {[ {<<"status">>, <<"enabled">>}, {<<"host_type">>, <<"type1">>} ]}} =
-        rest_select_domain(Config, <<"example.db">>).
+     {[ {<<"host_type">>, <<"type1">>}, {<<"status">>, <<"enabled">>} ]}} =
+        SortedResult.
 
 rest_cannot_select_domain_if_domain_not_found(Config) ->
     {{<<"404">>, <<"Not Found">>}, <<"Given domain does not exist">>} =