RedisCluster with ssl_check_hostname

Open wicol opened this issue 1 year ago • 0 comments

Version: 5.0.1

Platform: Python 3.11 on docker python3.11-slim

Description: ssl_check_hostname is discarded by redis.cluster.clean_kwargs since it's not in redis.cluster.REDIS_ALLOWED_KEYS (giving a false sense of security should you turn it on without confirming). Is there any particular reason for this? It looks like it's available for the async version of the class.

I've worked around the issue by simply patching redis.cluster.REDIS_ALLOWED_KEYS before initialising RedisCluster.

My initial workaround was to create a connection pool with ssl_check_hostname and hand that to RedisCluster - this caused cluster responses such as MOVED to throw errors as my connection pool was not handed the RedisCluster.on_connect method like the generated ones - and I don't see how I could do it myself (catch-22). Is this another bug? It seems to me all explicitly declared connection pools would fail due to this?

On a separate note I think hostname checking should be enabled by default - I almost missed (to attempt) turning it on which would've been a security risk.

wicol, Jan 24 '24 13:01
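A fail-closed guard for the behaviour reported above, as an added example that is not code from the issue author or from redis-py: it lists the ssl_* keyword arguments an allow-list would discard and refuses to continue if any are dropped, and it includes the allow-list patch the issue describes as a workaround. The function names are hypothetical, and SAMPLE_ALLOWED_KEYS is a constructed stand-in used only when redis-py is not importable.

```python
"""Fail closed when RedisCluster would silently drop a TLS option."""

# Constructed stand-in for an allow-list that lacks ssl_check_hostname.
# Assumption for illustration: this is NOT the real redis-py tuple.
SAMPLE_ALLOWED_KEYS = ("host", "port", "password", "ssl", "ssl_ca_certs",
                       "ssl_cert_reqs", "ssl_certfile", "ssl_keyfile")


def load_allowed_keys():
    """Return redis.cluster.REDIS_ALLOWED_KEYS, or the sample if redis-py is absent."""
    try:
        import redis.cluster as rc
        return tuple(rc.REDIS_ALLOWED_KEYS)
    except ImportError:
        return SAMPLE_ALLOWED_KEYS


def dropped_tls_options(kwargs, allowed_keys):
    """List the ssl* kwargs the caller set that the allow-list would discard."""
    allowed = set(allowed_keys)
    return sorted(k for k in kwargs if k.startswith("ssl") and k not in allowed)


def checked_cluster_kwargs(kwargs, allowed_keys=None):
    """Return a copy of kwargs, or raise if any TLS option would be discarded."""
    keys = load_allowed_keys() if allowed_keys is None else allowed_keys
    dropped = dropped_tls_options(kwargs, keys)
    if dropped:
        raise ValueError("TLS options ignored by RedisCluster: " + ", ".join(dropped))
    return dict(kwargs)


def patch_allowed_keys(module, extra=("ssl_check_hostname",)):
    """Workaround from the issue: extend REDIS_ALLOWED_KEYS on the given module."""
    current = tuple(module.REDIS_ALLOWED_KEYS)
    module.REDIS_ALLOWED_KEYS = current + tuple(k for k in extra if k not in current)
    return module.REDIS_ALLOWED_KEYS


if __name__ == "__main__":
    wanted = {"host": "redis.example.internal", "ssl": True, "ssl_check_hostname": True}
    print(dropped_tls_options(wanted, load_allowed_keys()))
```

Calling checked_cluster_kwargs on the arguments before constructing RedisCluster turns a silently ignored option into a startup error.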