diff options
author | Yossi Gottlieb <yossigo@gmail.com> | 2020-12-11 18:31:40 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-11 18:31:40 +0200 |
commit | 8c291b97b95f2e011977b522acf77ead23e26f55 (patch) | |
tree | 14935b675574e1f8f2cc79f90219de537c8fc0f0 /tests/instances.tcl | |
parent | 4e064fbab4d310b508593b46ed6ce539aea7aa25 (diff) | |
download | redis-8c291b97b95f2e011977b522acf77ead23e26f55.tar.gz |
TLS: Add different client cert support. (#8076)
This adds a new `tls-client-cert-file` and `tls-client-key-file`
configuration directives which make it possible to use different
certificates for the TLS-server and TLS-client functions of Redis.
This is an optional directive. If it is not specified the `tls-cert-file`
and `tls-key-file` directives are used for TLS client functions as well.
Also, `utils/gen-test-certs.sh` now creates additional server-only and client-only certs and will skip intensive operations if target files already exist.
Diffstat (limited to 'tests/instances.tcl')
-rw-r--r-- | tests/instances.tcl | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/tests/instances.tcl b/tests/instances.tcl index 156c92706..a9cc01008 100644 --- a/tests/instances.tcl +++ b/tests/instances.tcl @@ -76,8 +76,10 @@ proc spawn_instance {type base_port count {conf {}}} { puts $cfg "tls-replication yes" puts $cfg "tls-cluster yes" puts $cfg "port 0" - puts $cfg [format "tls-cert-file %s/../../tls/redis.crt" [pwd]] - puts $cfg [format "tls-key-file %s/../../tls/redis.key" [pwd]] + puts $cfg [format "tls-cert-file %s/../../tls/server.crt" [pwd]] + puts $cfg [format "tls-key-file %s/../../tls/server.key" [pwd]] + puts $cfg [format "tls-client-cert-file %s/../../tls/client.crt" [pwd]] + puts $cfg [format "tls-client-key-file %s/../../tls/client.key" [pwd]] puts $cfg [format "tls-dh-params-file %s/../../tls/redis.dh" [pwd]] puts $cfg [format "tls-ca-cert-file %s/../../tls/ca.crt" [pwd]] puts $cfg "loglevel debug" @@ -234,8 +236,8 @@ proc parse_options {} { package require tls 1.6 ::tls::init \ -cafile "$::tlsdir/ca.crt" \ - -certfile "$::tlsdir/redis.crt" \ - -keyfile "$::tlsdir/redis.key" + -certfile "$::tlsdir/client.crt" \ + -keyfile "$::tlsdir/client.key" set ::tls 1 } elseif {$opt eq "--help"} { puts "--single <pattern> Only runs tests specified by pattern." |