ssl updates

config/prod.exs

@@ -16,13 +16,20 @@ config :challenge_gov, Web.Endpoint,
   cache_static_manifest: "priv/static/cache_manifest.json",
   secret_key_base: System.get_env("SECRET_KEY_BASE")
 
+db_ssl_ca_cert = Path.join([:code.priv_dir(:challenge_gov), "certs", "us-gov-west-1-bundle.pem"])
+check_hostname = String.to_charlist(System.get_env("DATABASE_HOST"))
+
+ssl_opts = [
+  cacertfile: db_ssl_ca_cert,
+  server_name_indication: check_hostname,
+  verify: :verify_peer,
+  # using erlang library ssl_verify_fun for ssl verification
+  verify_fun: {&:ssl_verify_hostname.verify_fun/3, [check_hostname: check_hostname]}
+]
 config :challenge_gov, ChallengeGov.Repo,
   url: System.get_env("DATABASE_URL"),
-  ssl:
-    if(System.get_env("DATABASE_SSL") == "true",
-      do: [verify: :verify_ca, cacertfile: "config/us-gov-west-1-bundle.pem"],
-      else: false
-    ),
+  ssl: true,
+  ssl_opts: ssl_opts,
   pool_timeout: :infinity,
   timeout: :infinity,
   pool_size: String.to_integer(System.get_env("POOL_SIZE") || "15"),