From aca82b0250388a4f2b4f3c8a7bf8e9e22f4ad7ae Mon Sep 17 00:00:00 2001
From: Kenny Krug <kenny.krug@gsa.gov>
Date: Tue, 4 Feb 2025 10:16:32 -0500
Subject: [PATCH] Database Engine Version Upgrade #1486 ssl options

---
 config/prod.exs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/config/prod.exs b/config/prod.exs
index ac597950f..cc57cdee8 100644
--- a/config/prod.exs
+++ b/config/prod.exs
@@ -16,12 +16,16 @@ config :challenge_gov, Web.Endpoint,
   cache_static_manifest: "priv/static/cache_manifest.json",
   secret_key_base: System.get_env("SECRET_KEY_BASE")
 
+check_hostname = 'cg-aws-broker-prodo0g0lv1irkwn9f3.ci7nkegdizyy.us-gov-west-1.rds.amazonaws.com'
+
 config :challenge_gov, ChallengeGov.Repo,
   url: System.get_env("DATABASE_URL"),
   ssl: true,
   ssl_opts: [
     cacertfile: "priv/certs/us-gov-west-1-bundle.pem",
-    verify: :verify_peer
+    server_name_indication: check_hostname,
+    verify: :verify_peer,
+    verify_fun: {&:ssl_verify_hostname.verify_fun/3, [check_hostname: check_hostname]}
   ],
   pool_size: String.to_integer(System.get_env("POOL_SIZE") || "15"),
   loggers: [{LoggerJSON.Ecto, :log, [:info]}]