Allow using hosted Redis instances by default #293
Sorry, but you'll have to sign the CLA... As for the PR, I'm not even sure we need a flag. I can't really think of a security issue caused by CI queue being pointed at the wrong Redis, unless somehow the list of test names is super secret.
ChrisBr left a comment
Thanks for the contribution
I have signed the CLA!
I don’t feel strongly about it. I generally find changes to defaults easier to get merged if there’s some sort of opt out so I did what I thought would be the path of least resistance. I have no strong reason to force full SSL checking. It sounds like you prefer fewer config options over greater configurability. Seems reasonable. Please confirm and I can rip that out (or feel free to take the otherwise quite simple change and run with it if it’s faster/easier for you).
Hosted Redis servers use self signed certificates (because they do not own the domain they're running on such as `compute-1.amazonaws.com`) therefore a full SSL connection verification will fail. The fix for that behavior is to disable verification so a self signed certificate can be used [docs from a hosted Redis/Key-value store provider](https://devcenter.heroku.com/articles/connecting-heroku-redis#connecting-in-ruby). This PR makes the default behavior to allow connecting to self signed Redis servers. This failing SSL connection behavior was originally reported in Shopify#292, however that issue focuses on raising visibility of such failures. This is an alternative to Shopify#293 that does not introduce a new configuration flag.
I also opened #294 which doesn't include the configuration flags.
Superseded by #294
Hosted Redis servers use self signed certificates (because they do not own the domain they're running on such as `compute-1.amazonaws.com`) therefore a full SSL connection verification will fail. The fix for that behavior is to disable verification so a self signed certificate can be used [docs from a hosted Redis/Key-value store provider](https://devcenter.heroku.com/articles/connecting-heroku-redis#connecting-in-ruby). This PR makes the default behavior to allow connecting to self signed Redis servers, and introduces a new flag `--strict-ssl` which will require that the certificate is not self-signed. This failing SSL connection behavior was originally reported in #292, however that issue focuses on raising visibility of such failures.
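
The following is an added example, not code from this PR or from the project. It shows why full verification rejects a self-signed certificate and what each choice accepts: no verification, default verification, and (going beyond the PR) trusting only the provider's own certificate. The helper names and the `redis.example.test` host are assumptions, and the certificates are constructed in memory.

```ruby
require "openssl"

# Constructed sample: a self-signed certificate like the ones the PR describes.
def self_signed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256")) # issuer == subject, signed by its own key
end

# The chain check that VERIFY_PEER performs on the server certificate.
# Returns [accepted, openssl_error_code]. The store starts empty, so nothing
# is trusted unless it is passed in via `trusted` (hypothetical parameter).
def peer_verify(cert, trusted: [])
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  [store.verify(cert), store.error]
end

# Hypothetical policy helper: would a client with this verify_mode accept cert?
def accepted?(cert, verify_mode:, trusted: [])
  # VERIFY_NONE skips the check entirely, so any certificate is accepted.
  return true if verify_mode == OpenSSL::SSL::VERIFY_NONE
  peer_verify(cert, trusted: trusted).first
end

if __FILE__ == $0
  provider = self_signed_cert("redis.example.test") # the real server (constructed)
  other    = self_signed_cert("redis.example.test") # same name, different key

  ok, code = peer_verify(provider)
  puts "full verification:  accepted=#{ok} error=#{code}"
  puts "VERIFY_NONE, other: accepted=#{accepted?(other, verify_mode: OpenSSL::SSL::VERIFY_NONE)}"
  pinned = { verify_mode: OpenSSL::SSL::VERIFY_PEER, trusted: [provider] }
  puts "pinned, provider:   accepted=#{accepted?(provider, **pinned)}"
  puts "pinned, other:      accepted=#{accepted?(other, **pinned)}"
end
```

With verification disabled the connection is still encrypted, but the client cannot tell the provider's certificate from any other one presenting the same name.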