SSL Client support #570
Closed
SSL Client support #570
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
|
@michael-grunder Any thoughts on this? I've been asked to revive this |
|
I'm not opposed to adding SSL support. There was a great deal of back and forth around this issue in Redis proper, so we may want to run it by @antirez to see if he has any objections. I'm happy to help test as well. |
|
Is there any future for this? |
|
Yes, in fact SSL is actively being used in some deployments! - however I need to cut out some time to properly integrate it in hiredis for public consumption.
… On Jan 24, 2019, at 4:52 PM, Abdullah Alger ***@***.***> wrote:
Is there any future for this?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub <#570 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAanUV5LkZzkPiBdr_pcxL1DN88B6qY-ks5vGis5gaJpZM4RXupJ>.
|
|
I'm closing this PR in favor of #645 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This provides SSL client support for communicating with an SSL-secured Redis implementation. The user-facing API is exposed as bolted-on, which makes modifying existing applications easier. This works in my basic testing so far.
The SSL implementation assumes mutual TLS auth. SSL support is disabled by default at compilation. To use SSL, set
USE_SSLin the build environment.This should enable the
HIREDIS_SSLpreprocessor define, which should enable the SSL bits. Note that you may want to also adjust yourOPENSSL_PREFIXbuild variable to your desired openssl installation. This is probably only a concern for OSX where there are typically both Homebrew and Apple variants provided. On linux there should only be a single version found in/usr/lib/or similar. The default value is/opt/local/openssl.Once the library is built, you should be able to call
On the connection. This will perform openssl negotiation. The reason I didn't provide another variant of
redisConnectis twofold. (1) I wanted other applications to be able to simply add (rather than change) their existing connection code - so this also works via fd etc. (2) Users can quickly debug if an error is coming from the connection layer or openssl layer.I've also added examples (the sync example and the libev and libevent examples).