1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-25 08:59:31 -05:00

fix broken insecureskipverify handling in rediss connection uris (#20967) (#21053)

Backport #20967

Currently, it's impossible to connect to self-signed TLS encrypted redis instances. The problem lies in inproper error handling, when building redis tls options - only invalid booleans are allowed to be used in `tlsConfig` builder. The problem is, when `strconv.ParseBool(...)` returns error, it always defaults to false - meaning it's impossible to set `tlsOptions.InsecureSkipVerify` to true.

Fixes #19213

Co-authored-by: Igor Rzegocki <ajgon@users.noreply.github.com>
This commit is contained in:
zeripath 2022-09-04 14:59:20 +01:00 committed by GitHub
parent 3aba72c613
commit 71aa64ae25
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 2 deletions

View file

@ -245,7 +245,7 @@ func getRedisTLSOptions(uri *url.URL) *tls.Config {
if len(skipverify) > 0 { if len(skipverify) > 0 {
skipverify, err := strconv.ParseBool(skipverify) skipverify, err := strconv.ParseBool(skipverify)
if err != nil { if err == nil {
tlsConfig.InsecureSkipVerify = skipverify tlsConfig.InsecureSkipVerify = skipverify
} }
} }
@ -254,7 +254,7 @@ func getRedisTLSOptions(uri *url.URL) *tls.Config {
if len(insecureskipverify) > 0 { if len(insecureskipverify) > 0 {
insecureskipverify, err := strconv.ParseBool(insecureskipverify) insecureskipverify, err := strconv.ParseBool(insecureskipverify)
if err != nil { if err == nil {
tlsConfig.InsecureSkipVerify = insecureskipverify tlsConfig.InsecureSkipVerify = insecureskipverify
} }
} }

View file

@ -27,6 +27,24 @@ func TestRedisPasswordOpt(t *testing.T) {
} }
} }
func TestSkipVerifyOpt(t *testing.T) {
uri, _ := url.Parse("rediss://myredis/0?skipverify=true")
tlsConfig := getRedisTLSOptions(uri)
if !tlsConfig.InsecureSkipVerify {
t.Fail()
}
}
func TestInsecureSkipVerifyOpt(t *testing.T) {
uri, _ := url.Parse("rediss://myredis/0?insecureskipverify=true")
tlsConfig := getRedisTLSOptions(uri)
if !tlsConfig.InsecureSkipVerify {
t.Fail()
}
}
func TestRedisSentinelUsernameOpt(t *testing.T) { func TestRedisSentinelUsernameOpt(t *testing.T) {
uri, _ := url.Parse("redis+sentinel://redis:password@myredis/0?sentinelusername=suser&sentinelpassword=spass") uri, _ := url.Parse("redis+sentinel://redis:password@myredis/0?sentinelusername=suser&sentinelpassword=spass")
opts := getRedisOptions(uri).Failover() opts := getRedisOptions(uri).Failover()