New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add TLS support, gated by a feature flag #305
Conversation
@Marwes I guess I should also add something in the documentation about the new feature flag? |
There doesn't seem to be a place where features are documented atm (though it would be nice, problably in the top level docs in src/lib.rs). Adding some/a test for TLS, even without certificate validation would be useful. |
Alright, I'll figure something out later then. |
…ver when running integration tests
@Marwes could you try to help me figure out what's going on with the test suite? It's most probably linked to my change, but I can't figure it out right now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I gave this a rough review now.
Good work so far.
I'm surprised how simple the overall logic is.
I had some nits and comments about the feature usage, some clarification there would be nice.
I will also give that another look with a less-sleep brain.
There are some merge conflicts right now, if you can get them fixed that would be helpful.
Curious about the build errors here. The summary text says they were stopped, but the logs were a little bit harder to understand -- did someone intervene to stop the builds, or did they just idle for a long time and then fail? |
travis stops the build automatically if no output has been received for 10 minutes. So there is a bug in here somewhere. |
/// You should think very carefully before you use this method. If hostname | ||
/// verification is not used, any valid certificate for any site will be | ||
/// trusted for use from any other. This introduces a significant | ||
/// vulnerability to man-in-the-middle attacks. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Potentially related, in the travis log: https://travis-ci.org/github/mitsuhiko/redis-rs/jobs/693945209#L253
But probably benign. I worry that something related to travis might be the issue here, not the change set. I'll pull down the repo and try running tests on my own machine. |
On my local machine (a linux laptop built in approximately 1433 AD), I was able to get the tests to pass: REDISRS_SERVER_TYPE=tcp RUST_TEST_THREADS=1 cargo test --no-default-features --tests -- --nocapture This is the same spot that failed in the travis build. So I'm not sure there's anything wrong with the change set, and I'm a little bit more suspicious of the travis build's config. Too -- and I haven't dug into this -- some of the other builds attached to the last commit, here, passed. Just out of sheer masochism, I wonder if re-triggering the builds causes different results than the last run. |
There have been changes since then, but previous iterations of this work got 100% green-lights on Travis: https://travis-ci.org/github/mitsuhiko/redis-rs/builds/669753751 |
Someone has kindly kicked off the build for the latest commit: https://travis-ci.org/github/mitsuhiko/redis-rs/builds/693945206 Thank you! |
Seems to be hanging at the same spot (test_getset). Run hasn't terminated yet... |
Failures on all of the non-lint builds, but not in the same places. 🔬 |
I was excited when I saw the update to redis 6.0, and I was too fast... the build from the |
😔 Thanks for looking into it... Worth a try |
I finally figured it out. I introduced the issue in my PR when I changed the match arm in Before my change, the I thought I knew enough about sockets... It turns out that @Terkwood I think it's finally ready to be merged. |
@@ -154,7 +155,12 @@ fn do_redis_code() -> redis::RedisResult<()> { | |||
|
|||
fn main() { | |||
// at this point the errors are fatal, let's just fail hard. | |||
match do_redis_code() { | |||
let url = if env::args().nth(1) == Some("--tls".into()) { | |||
"rediss://127.0.0.1:6380/#insecure" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍🏼
Huge progress!! 🏁🏁 |
Awesome! @gferon Can you add some documentation in lib.rs for this in a follow up PR? |
How does one use the TLS feature? |
I'm getting this error:
I've included these in my Cargo.toml:
|
Seems to be that this is the magic line: |
You're right, I just pushed #382 to make sure those features are more discoverable. |
Following up on my earlier attempt in MR #244.
TODO:
redis+tls
Resolves issue #241