Question: is there a way to configure ioredis tls to ignore certificate validation for ssl over ssh tunnel?

[marvin1up]

This stack overflow describes things in more detail, but basically I have an SSL-proxied redis instance in a VPC. I tunnel into the VPC, and then try to access the tunnel endpoint with rediss://127.0.0.1:6379 and get

[ioredis] Unhandled error event: Error [ERR_TLS_CERT_ALTNAME_INVALID]

I can prevent this error with,

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'

But was wondering if there was some configuration I could use for just this connection. As the stack overflow thread described, using openssl or the python redis library does not have this issue, and some different code using npmjs redis also does not raise this error.

This isn't a big deal, its just for some integration tests

[frossi85]

I have a similar error when using Redis on Heroku, this is the error: [ioredis] Unhandled error event: Error: self signed certificate in certificate chain

But I need this to work in prod so while this makes it work: process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'

Is a global thing that makes my api insecure as a whole.

So will be awesome if we can just pass a configuration to the Redis client. Something like this: ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE }

[luin]

Sorry for the late response. If you're using the tls option I think rejectUnauthorized is what you're looking for. Ex tls: { rejectUnauthorized: false }. Lmk if this solves the issue.

[rchampourlier]

For reference, this is now documented in Heroku's DevCenter here.

[diegoaguilar]

Running ioredis 5.4.1 and trying both rejectUnauthorized and then checkServerIdentity a noop won't work for me :(

[BenjDrury]

Same here @diegoaguilar any updates on this?