ioredis

Question: is there a way to configure ioredis tls to ignore certificate validation for ssl over ssh tunnel?

Open marvin1up opened this issue 5 years ago • 5 comments

This Stack Overflow describes things in more detail, but basically I have an SSL-proxied Redis instance in a VPC. I tunnel into the VPC, and then try to access the tunnel endpoint with rediss://127.0.0.1:6379 and get

[ioredis] Unhandled error event: Error [ERR_TLS_CERT_ALTNAME_INVALID]

I can prevent this error with,

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'

But was wondering if there was some configuration I could use for just this connection. As the Stack Overflow thread described, using openssl or the Python redis library does not have this issue, and some different code using npmjs redis also does not raise this error.

This isn't a big deal, it's just for some integration tests.

marvin1up, Dec 24 '20 16:12

I have a similar error when using Redis on Heroku, this is the error: [ioredis] Unhandled error event: Error: self signed certificate in certificate chain

But I need this to work in prod, so while this makes it work:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'

it is a global thing that makes my API insecure as a whole.

So it will be awesome if we can just pass a configuration to the Redis client. Something like this: ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE }

frossi85, Mar 30 '21 18:03

Sorry for the late response. If you're using the tls option I think rejectUnauthorized is what you're looking for. Ex tls: { rejectUnauthorized: false }. Lmk if this solves the issue.

luin, Mar 31 '21 01:03
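
Added example, not part of the thread and not ioredis code: a per-connection alternative to switching verification off, which keeps chain validation on and checks the certificate against the server's real name instead of the tunnel address 127.0.0.1. The hostname `redis.internal.example` is a placeholder, the helpers `tunnelTlsOptions` and `identityResult` are hypothetical names, and it assumes the ioredis `tls` option is handed to Node's `tls.connect()` unchanged.

```javascript
const tls = require('node:tls');

// Hypothetical helper. realHost is the name the certificate was issued for;
// caPem is optional and only needed for a private or self-signed CA.
function tunnelTlsOptions(realHost, caPem) {
  const opts = {
    rejectUnauthorized: true,   // keep chain validation on
    servername: realHost,       // SNI: ask for the real name, not 127.0.0.1
    // Compare the certificate with the real name rather than the tunnel address.
    checkServerIdentity: (_tunnelHost, cert) => tls.checkServerIdentity(realHost, cert),
  };
  if (caPem) opts.ca = caPem;   // trust one CA instead of trusting everything
  return opts;
}

// Constructed certificate fields, shaped like tls.getPeerCertificate() output.
const sampleCert = {
  subject: { CN: 'redis.internal.example' },
  subjectaltname: 'DNS:redis.internal.example',
};

// Returns the error code of the identity check, or null when the name matches.
function identityResult(check, host, cert) {
  const err = check(host, cert);
  return err ? err.code : null;
}

const opts = tunnelTlsOptions('redis.internal.example');
// Default check against the tunnel address reproduces the error in this thread.
console.log(identityResult(tls.checkServerIdentity, '127.0.0.1', sampleCert));
// Pinned check: accepted when the certificate carries the expected name.
console.log(identityResult(opts.checkServerIdentity, '127.0.0.1', sampleCert));
// Still rejected when the tunnel ends at some other server's certificate.
console.log(identityResult(opts.checkServerIdentity, '127.0.0.1', {
  subject: { CN: 'other.example' },
  subjectaltname: 'DNS:other.example',
}));

// Usage with ioredis (not executed here; see the assumption in the lead-in):
// new Redis({ host: '127.0.0.1', port: 6379,
//             tls: tunnelTlsOptions('redis.internal.example') });
```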

For reference, this is now documented in Heroku's DevCenter here.

rchampourlier, Aug 23 '21 15:08

Running ioredis 5.4.1 and trying both rejectUnauthorized and then checkServerIdentity a noop won't work for me :(

diegoaguilar, Oct 22 '24 04:10

Same here @diegoaguilar any updates on this?

BenjDrury, Jun 02 '25 07:06