diff options
author | Yossi Gottlieb <yossigo@gmail.com> | 2021-02-07 12:36:56 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-07 12:36:56 +0200 |
commit | be83bb13a8eaad68b7580b95c696f2554cf7100e (patch) | |
tree | a0c89c828c30578b9d88b155eb931e1281ad6a10 /src/cli_common.c | |
parent | aea6e71ef82701e07177744e600e1ef20d60b7d0 (diff) | |
download | redis-be83bb13a8eaad68b7580b95c696f2554cf7100e.tar.gz |
Add --insecure option to command line tools. (#8416)
Disable certificate validation, making it possible to connect to servers
without configuring full trust chain.
The use of this option is insecure and makes the connection vulnerable
to man in the middle attacks.
Diffstat (limited to 'src/cli_common.c')
-rw-r--r-- | src/cli_common.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cli_common.c b/src/cli_common.c index c2db9fffc..e88327ace 100644 --- a/src/cli_common.c +++ b/src/cli_common.c @@ -54,7 +54,7 @@ int cliSecureConnection(redisContext *c, cliSSLconfig config, const char **err) goto error; } SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); - SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); + SSL_CTX_set_verify(ssl_ctx, config.skip_cert_verify ? SSL_VERIFY_NONE : SSL_VERIFY_PEER, NULL); if (config.cacert || config.cacertdir) { if (!SSL_CTX_load_verify_locations(ssl_ctx, config.cacert, config.cacertdir)) { |