author | zeripath <art27@cantab.net> | 2022-09-04 14:59:20 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-04 14:59:20 +0100 |
commit | 71aa64ae25fc50a258c7c60090bfe2e782640588 (patch) | |
tree | f4267f4c4ba67a9705050502b65c464cecc91cb8 /modules | |
parent | 3aba72c6132e7254d99e93306bd90bd5b06f2202 (diff) | |
fix broken insecureskipverify handling in rediss connection uris (#20967) (#21053)
Backport #20967
Currently, it's impossible to connect to self-signed TLS encrypted redis instances. The problem lies in improper error handling when building redis tls options - only invalid booleans are allowed to be used in `tlsConfig` builder. The problem is, when `strconv.ParseBool(...)` returns an error, it always defaults to false - meaning it's impossible to set `tlsOptions.InsecureSkipVerify` to true.
Fixes #19213
Co-authored-by: Igor Rzegocki <ajgon@users.noreply.github.com>
Diffstat (limited to 'modules')
-rw-r--r-- | modules/nosql/manager_redis.go | 4 | ||||
-rw-r--r-- | modules/nosql/manager_redis_test.go | 18 |
2 files changed, 20 insertions, 2 deletions
diff --git a/modules/nosql/manager_redis.go b/modules/nosql/manager_redis.go
index b82f899db0..5e52eb870e 100644
--- a/modules/nosql/manager_redis.go
+++ b/modules/nosql/manager_redis.go
@@ -245,7 +245,7 @@ func getRedisTLSOptions(uri *url.URL) *tls.Config {
 if len(skipverify) > 0 {
 skipverify, err := strconv.ParseBool(skipverify)
- if err != nil {
+ if err == nil {
 tlsConfig.InsecureSkipVerify = skipverify
 }
 }
@@ -254,7 +254,7 @@ func getRedisTLSOptions(uri *url.URL) *tls.Config {
 if len(insecureskipverify) > 0 {
 insecureskipverify, err := strconv.ParseBool(insecureskipverify)
- if err != nil {
+ if err == nil {
 tlsConfig.InsecureSkipVerify = insecureskipverify
 }
 }
diff --git a/modules/nosql/manager_redis_test.go b/modules/nosql/manager_redis_test.go
index 3d94532135..99a8856f1e 100644
--- a/modules/nosql/manager_redis_test.go
+++ b/modules/nosql/manager_redis_test.go
@@ -27,6 +27,24 @@ func TestRedisPasswordOpt(t *testing.T) {
 }
 }
+func TestSkipVerifyOpt(t *testing.T) {
+ uri, _ := url.Parse("rediss://myredis/0?skipverify=true")
+ tlsConfig := getRedisTLSOptions(uri)
+
+ if !tlsConfig.InsecureSkipVerify {
+ t.Fail()
+ }
+}
+
+func TestInsecureSkipVerifyOpt(t *testing.T) {
+ uri, _ := url.Parse("rediss://myredis/0?insecureskipverify=true")
+ tlsConfig := getRedisTLSOptions(uri)
+
+ if !tlsConfig.InsecureSkipVerify {
+ t.Fail()
+ }
+}
+
 func TestRedisSentinelUsernameOpt(t *testing.T) {
 uri, _ := url.Parse("redis+sentinel://redis:password@myredis/0?sentinelusername=suser&sentinelpassword=spass")
 opts := getRedisOptions(uri).Failover() |
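Review bot: Both corrected branches in getRedisTLSOptions still discard the `strconv.ParseBool` error without a trace, so a mistyped value such as `skipverify=ture` leaves verification on with nothing to tell the operator why the option had no effect; the same applies to the `insecureskipverify` hunk at -254. Consider an `else` branch that logs the rejected value, and a warning whenever `tlsConfig.InsecureSkipVerify` ends up true, since that setting turns off certificate and hostname checks for the Redis connection. Because the old condition made the option a no-op, connection strings that already carry `skipverify=true` will presumably start skipping verification after this upgrade, which deserves a release-note line. A short comment such as `// InsecureSkipVerify disables certificate verification; only set it for trusted self-signed instances` above each assignment would help. The function body starts and ends outside both hunks.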
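Review bot: The two new tests in manager_redis_test.go assert only the `=true` path, so nothing pins the security-relevant default that `false` or an unparseable value leaves certificate verification enabled. They also discard the `url.Parse` error with `uri, _ :=` and fail with a bare `t.Fail()`, which gives no hint about which option broke. A small table-driven test over the non-enabling values, with the parse error checked and a message on failure, would cover this.

```go
func TestSkipVerifyOptKeepsVerification(t *testing.T) {
	// constructed sample values: an explicit false and two non-booleans
	for _, q := range []string{"skipverify=false", "skipverify=notabool", "insecureskipverify=notabool"} {
		uri, err := url.Parse("rediss://myredis/0?" + q)
		if err != nil {
			t.Fatalf("url.Parse(%q): %v", q, err)
		}
		if getRedisTLSOptions(uri).InsecureSkipVerify {
			t.Errorf("%s: certificate verification must stay enabled", q)
		}
	}
}
```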