go-redis icon indicating copy to clipboard operation
go-redis copied to clipboard

Published 20 hours ago verified publisher icon redis

Support specifying TLS options in connection string

Open vlasky opened this issue 2 years ago • 3 comments

Discussed in https://github.com/go-redis/redis/discussions/2023

Originally posted by vlasky February 16, 2022 There is currently no support for specifying custom TLS certificate files as options in the Redis connection string.

If you specify a rediss URL in the connection string, redis.ParseURL() always applies the fixed TLS option ServerName as seen in the code below:

https://github.com/go-redis/redis/blob/997118894af9d4244d4a471f2b317eead9c9ca62/options.go#L269-L271

I am seeking for redis.ParseURL() to be enhanced to support the following crypto/tls configuration options:

TLSCertPEMFile - path/filename of public key and any intermediate certificates in PEM format TLSKeyPEMFile - path/filename of private key in PEM format TLSMinVersion - minimum TLS version supported TLSMaxVersion - maximum TLS version supported TLSServerName - optionally used to override the default SNI hostname during TLS handshaking TLSInsecureSkipVerify - if set true, accepts any certificate presented by the server and any host name in that certificate, to only be used for testing

vlasky avatar Feb 16 '22 08:02 vlasky

Cc @elena-kolevska mind having a look?

chayim avatar Mar 21 '23 09:03 chayim

@chayim @vlasky @elena-kolevska Any chance of getting #2076 merged?

gaby avatar Sep 10 '23 01:09 gaby

@ofekshenawa mind having a look at this?

chayim avatar Feb 14 '24 13:02 chayim