Skip to content

Commit

Permalink
fix broken insecureskipverify handling in rediss connection uris (go-…
Browse files Browse the repository at this point in the history
…gitea#20967) (go-gitea#21053)

Backport go-gitea#20967

Currently, it's impossible to connect to self-signed TLS encrypted redis instances. The problem lies in inproper error handling, when building redis tls options - only invalid booleans are allowed to be used in `tlsConfig` builder. The problem is, when `strconv.ParseBool(...)` returns error, it always defaults to false - meaning it's impossible to set `tlsOptions.InsecureSkipVerify` to true.

Fixes go-gitea#19213

Co-authored-by: Igor Rzegocki <ajgon@users.noreply.github.com>
  • Loading branch information
zeripath and ajgon authored Sep 4, 2022
1 parent 3aba72c commit 71aa64a
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 2 deletions.
4 changes: 2 additions & 2 deletions modules/nosql/manager_redis.go
Original file line number Diff line number Diff line change
Expand Up @@ -245,7 +245,7 @@ func getRedisTLSOptions(uri *url.URL) *tls.Config {

if len(skipverify) > 0 {
skipverify, err := strconv.ParseBool(skipverify)
if err != nil {
if err == nil {
tlsConfig.InsecureSkipVerify = skipverify
}
}
Expand All @@ -254,7 +254,7 @@ func getRedisTLSOptions(uri *url.URL) *tls.Config {

if len(insecureskipverify) > 0 {
insecureskipverify, err := strconv.ParseBool(insecureskipverify)
if err != nil {
if err == nil {
tlsConfig.InsecureSkipVerify = insecureskipverify
}
}
Expand Down
18 changes: 18 additions & 0 deletions modules/nosql/manager_redis_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,24 @@ func TestRedisPasswordOpt(t *testing.T) {
}
}

func TestSkipVerifyOpt(t *testing.T) {
uri, _ := url.Parse("rediss://myredis/0?skipverify=true")
tlsConfig := getRedisTLSOptions(uri)

if !tlsConfig.InsecureSkipVerify {
t.Fail()
}
}

func TestInsecureSkipVerifyOpt(t *testing.T) {
uri, _ := url.Parse("rediss://myredis/0?insecureskipverify=true")
tlsConfig := getRedisTLSOptions(uri)

if !tlsConfig.InsecureSkipVerify {
t.Fail()
}
}

func TestRedisSentinelUsernameOpt(t *testing.T) {
uri, _ := url.Parse("redis+sentinel://redis:password@myredis/0?sentinelusername=suser&sentinelpassword=spass")
opts := getRedisOptions(uri).Failover()
Expand Down

0 comments on commit 71aa64a

Please sign in to comment.