Client ssl certificate authentication with sentinel

Open dmellos opened this issue 2 years ago • 1 comments

Hi,

Is it possible to send certificates as part of the call below when connecting to Sentinel? I have set up Redis and Sentinel using TLS, but don't know how clients can connect to TLS Sentinel.

```lua
local redis, err = rc:connect {
    url = "sentinel://mymaster:m",
    sentinels = {},
    password = "password",
    -- tls = {
    --     cert = "",
    --     key = "",
    --     cacert = ""
    -- }
}
```

I am trying to do the following using lua-resty-redis-connector.

```
redis-cli -p 26379 \
    --tls \
    --cert /etc/redis/tls/redis.crt \
    --key /etc/redis/tls/redis.key \
    --cacert /etc/redis/tls/ca.crt
```

dmellos, May 11 '22 15:05

It's not currently possible, because client certificates are not supported in OpenResty cosockets. However, lots of work has gone into this and I believe the feature was recently merged.

This means that at some point in the coming months there will hopefully be a mainline release of OpenResty which supports mTLS (via something like sock:setclientcert(key, cert)), and at this point we could consider adding this as a configuration parameter for this library (a PR would be most welcome!).

pintsized, May 12 '22 12:05
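
The mTLS connection to Sentinel discussed in this thread, written directly against the cosocket API as an added example (not code from lua-resty-redis-connector or from either poster). It assumes an OpenResty build whose lua-nginx-module provides `tcpsock:setclientcert(cert, pkey)` and a Sentinel without a password; `load_pem`, `sentinel_master_addr` and the `tls_name` parameter are hypothetical names.

```lua
-- Added example. Assumes lua-nginx-module >= 0.10.21 (tcpsock:setclientcert)
-- and, in nginx.conf: lua_ssl_trusted_certificate /etc/redis/tls/ca.crt;
local ssl = require "ngx.ssl"

-- Hypothetical helper: read a PEM file and parse it into the cdata object
-- the cosocket expects. Cache the result in real code; io.open blocks.
local function load_pem(path, parse)
    local f, err = io.open(path, "rb")
    if not f then return nil, err end
    local pem = f:read("*a")
    f:close()
    return parse(pem)
end

-- Hypothetical helper: ask one TLS Sentinel for the master's address.
-- tls_name must match the name in the Sentinel's server certificate.
local function sentinel_master_addr(host, port, tls_name, master_name)
    local cert, err = load_pem("/etc/redis/tls/redis.crt", ssl.parse_pem_cert)
    if not cert then return nil, err end
    local key, kerr = load_pem("/etc/redis/tls/redis.key", ssl.parse_pem_priv_key)
    if not key then return nil, kerr end
    local sock = ngx.socket.tcp()
    sock:settimeout(1000)
    local ok
    ok, err = sock:connect(host, port)
    if not ok then return nil, err end
    -- The client certificate must be attached before the handshake.
    ok, err = sock:setclientcert(cert, key)
    -- true = verify the Sentinel's certificate against the trusted CA.
    if ok then ok, err = sock:sslhandshake(nil, tls_name, true) end
    if not ok then sock:close(); return nil, err end
    -- RESP array: SENTINEL get-master-addr-by-name <master_name>
    local args = { "SENTINEL", "get-master-addr-by-name", master_name }
    local req = { "*" .. #args .. "\r\n" }
    for _, a in ipairs(args) do
        req[#req + 1] = "$" .. #a .. "\r\n" .. a .. "\r\n"
    end
    ok, err = sock:send(req)
    if not ok then sock:close(); return nil, err end
    -- Expected reply lines: *2, $<len>, <ip>, $<len>, <port> ("*-1" if unknown).
    local lines = {}
    for i = 1, 5 do
        lines[i], err = sock:receive()   -- default pattern reads one CRLF line
        if not lines[i] then break end
        if i == 1 and lines[1] ~= "*2" then err = "unexpected reply: " .. lines[1]; break end
    end
    sock:close()
    if #lines < 5 then return nil, err end
    return lines[3], tonumber(lines[5])
end
```

Called from a request-phase handler as `sentinel_master_addr("127.0.0.1", 26379, "sentinel.example.internal", "mymaster")`, where the host and TLS name are constructed values; the returned address can then be passed to the Redis client as a normal host and port.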