Backport #20967
Currently, it's impossible to connect to self-signed TLS encrypted redis instances. The problem lies in improper error handling when building the redis TLS options: the `tlsConfig` builder only applies the option when the boolean is invalid. When `strconv.ParseBool(...)` returns an error, the value it returns is always false, so it is impossible to set `tlsOptions.InsecureSkipVerify` to true.
Fixes #19213
Co-authored-by: Igor Rzegocki <ajgon@users.noreply.github.com>
if len(skipverify) > 0 {
skipverify, err := strconv.ParseBool(skipverify)
- if err != nil {
+ if err == nil {
tlsConfig.InsecureSkipVerify = skipverify
}
}
if len(insecureskipverify) > 0 {
insecureskipverify, err := strconv.ParseBool(insecureskipverify)
- if err != nil {
+ if err == nil {
tlsConfig.InsecureSkipVerify = insecureskipverify
}
}
}
}
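Review bot: With the condition corrected, a value that fails `strconv.ParseBool` is silently dropped in both the `skipverify` and `insecureskipverify` branches, and a value that parses to true turns off certificate verification without leaving any trace. An `else` branch in each `if err == nil` that logs a warning naming the rejected option, using whatever logger this package already has in scope, would show the operator that a typo such as `skipverify=yes` left verification on. A one-time warning when `tlsConfig.InsecureSkipVerify` ends up true would also help, with a comment above the assignment such as `// InsecureSkipVerify disables certificate chain and hostname checks for this Redis connection; prefer trusting the server's CA`. Both branches write the same field, so `insecureskipverify` wins when both options are given; a short comment stating that precedence would save the next reader a trace. The enclosing function starts outside this hunk.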
+func TestSkipVerifyOpt(t *testing.T) {
+ uri, _ := url.Parse("rediss://myredis/0?skipverify=true")
+ tlsConfig := getRedisTLSOptions(uri)
+
+ if !tlsConfig.InsecureSkipVerify {
+ t.Fail()
+ }
+}
+
+func TestInsecureSkipVerifyOpt(t *testing.T) {
+ uri, _ := url.Parse("rediss://myredis/0?insecureskipverify=true")
+ tlsConfig := getRedisTLSOptions(uri)
+
+ if !tlsConfig.InsecureSkipVerify {
+ t.Fail()
+ }
+}
+
func TestRedisSentinelUsernameOpt(t *testing.T) {
uri, _ := url.Parse("redis+sentinel://redis:password@myredis/0?sentinelusername=suser&sentinelpassword=spass")
opts := getRedisOptions(uri).Failover()
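Review bot: The two added tests only cover the `true` path, so nothing pins the default that matters for security: verification must stay on when the option is absent, `false`, or unparseable. The original bug was an inverted condition, so a negative test is what would catch a regression in the other direction. Both tests also discard the `url.Parse` error and fail with a bare `t.Fail()`, which gives no hint of which option broke. The sketch below assumes, as the added tests already do, that `getRedisTLSOptions` returns a non-nil config for a `rediss://` URI.

```go
func TestSkipVerifyOptStaysOffByDefault(t *testing.T) {
	for _, rawURL := range []string{
		"rediss://myredis/0",
		"rediss://myredis/0?skipverify=false",
		"rediss://myredis/0?skipverify=notabool",
		"rediss://myredis/0?insecureskipverify=false",
		"rediss://myredis/0?insecureskipverify=notabool",
	} {
		uri, err := url.Parse(rawURL)
		if err != nil {
			t.Fatalf("parse %q: %v", rawURL, err)
		}
		if getRedisTLSOptions(uri).InsecureSkipVerify {
			t.Errorf("%q: certificate verification must stay enabled", rawURL)
		}
	}
}
```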