-rw-r--r--src/cli_common.c2
-rw-r--r--src/cli_common.h2
-rw-r--r--src/redis-benchmark.c4
-rw-r--r--src/redis-cli.c4
4 files changed, 11 insertions, 1 deletions
diff --git a/src/cli_common.c b/src/cli_common.c
index c2db9fffc..e88327ace 100644
--- a/src/cli_common.c
+++ b/src/cli_common.c
@@ -54,7 +54,7 @@ int cliSecureConnection(redisContext *c, cliSSLconfig config, const char **err)
goto error;
}
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
- SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
+ SSL_CTX_set_verify(ssl_ctx, config.skip_cert_verify ? SSL_VERIFY_NONE : SSL_VERIFY_PEER, NULL);
if (config.cacert || config.cacertdir) {
if (!SSL_CTX_load_verify_locations(ssl_ctx, config.cacert, config.cacertdir)) {
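Review bot: When `config.skip_cert_verify` is set, the `SSL_VERIFY_NONE` branch of the new `SSL_CTX_set_verify` call lets the handshake complete against any certificate. The peer is then unauthenticated, and whatever the client sends afterwards (credentials included, if the caller sends any) goes to whoever answered. The line should carry a comment saying so, e.g. `/* --insecure: peer identity is not checked; TLS then only protects against passive eavesdropping. */`. The CA locations loaded just below are still processed in that mode even though they are no longer used to reject a peer; consider skipping that block or noting that it is kept deliberately. cliSecureConnection starts before and continues past this hunk.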
diff --git a/src/cli_common.h b/src/cli_common.h
index f3a91e9db..16d6ec2a9 100644
--- a/src/cli_common.h
+++ b/src/cli_common.h
@@ -10,6 +10,8 @@ typedef struct cliSSLconfig {
char *cacert;
/* Directory where trusted CA certificates are stored, or NULL */
char *cacertdir;
+ /* Skip server certificate verification. */
+ int skip_cert_verify;
/* Client certificate to authenticate with, or NULL */
char *cert;
/* Private key file to authenticate with, or NULL */
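Review bot: The comment on `skip_cert_verify` does not say that 0 is the verifying default, nor what is given up when the field is non-zero. The struct has no initializer here, so the safe default depends on each tool zeroing `sslconfig` before option parsing, which this commit does with `memset` in both `main` functions. I would spell that out on the field, e.g. `/* Non-zero disables server certificate verification (no protection against an active man-in-the-middle); must default to 0. */`. The struct definition starts and ends outside the hunk.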
diff --git a/src/redis-benchmark.c b/src/redis-benchmark.c
index a955c0d4c..164f5e3ee 100644
--- a/src/redis-benchmark.c
+++ b/src/redis-benchmark.c
@@ -1516,6 +1516,8 @@ int parseOptions(int argc, const char **argv) {
} else if (!strcmp(argv[i],"--cacert")) {
if (lastarg) goto invalid;
config.sslconfig.cacert = strdup(argv[++i]);
+ } else if (!strcmp(argv[i],"--insecure")) {
+ config.sslconfig.skip_cert_verify = 1;
} else if (!strcmp(argv[i],"--cert")) {
if (lastarg) goto invalid;
config.sslconfig.cert = strdup(argv[++i]);
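Review bot: `--insecure` is accepted silently in this branch and in the matching `parseOptions` hunk of src/redis-cli.c, so a run with verification disabled looks the same in its output as a verified one. A one-line notice on stderr when the flag is parsed would make the weakened mode visible in terminals and captured logs, e.g. `fprintf(stderr, "Warning: --insecure disables TLS certificate verification.\n");` right after `config.sslconfig.skip_cert_verify = 1;`. Whether the flag should be rejected when TLS itself is not enabled cannot be judged from these lines. parseOptions starts and ends outside the hunk.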
@@ -1585,6 +1587,7 @@ usage:
" --cacertdir <dir> Directory where trusted CA certificates are stored.\n"
" If neither cacert nor cacertdir are specified, the default\n"
" system-wide trusted root certs configuration will apply.\n"
+" --insecure Allow insecure TLS connection by skipping cert validation.\n"
" --cert <file> Client certificate to authenticate with.\n"
" --key <file> Private key file to authenticate with.\n"
" --tls-ciphers <list> Sets the list of prefered ciphers (TLSv1.2 and below)\n"
@@ -1682,6 +1685,7 @@ int main(int argc, const char **argv) {
signal(SIGHUP, SIG_IGN);
signal(SIGPIPE, SIG_IGN);
+ memset(&config.sslconfig, 0, sizeof(config.sslconfig));
config.numclients = 50;
config.requests = 100000;
config.liveclients = 0;
diff --git a/src/redis-cli.c b/src/redis-cli.c
index ed3075317..ab30edc75 100644
--- a/src/redis-cli.c
+++ b/src/redis-cli.c
@@ -1695,6 +1695,8 @@ static int parseOptions(int argc, char **argv) {
config.sslconfig.key = argv[++i];
} else if (!strcmp(argv[i],"--tls-ciphers") && !lastarg) {
config.sslconfig.ciphers = argv[++i];
+ } else if (!strcmp(argv[i],"--insecure")) {
+ config.sslconfig.skip_cert_verify = 1;
#ifdef TLS1_3_VERSION
} else if (!strcmp(argv[i],"--tls-ciphersuites") && !lastarg) {
config.sslconfig.ciphersuites = argv[++i];
@@ -1820,6 +1822,7 @@ static void usage(void) {
" --cacertdir <dir> Directory where trusted CA certificates are stored.\n"
" If neither cacert nor cacertdir are specified, the default\n"
" system-wide trusted root certs configuration will apply.\n"
+" --insecure Allow insecure TLS connection by skipping cert validation.\n"
" --cert <file> Client certificate to authenticate with.\n"
" --key <file> Private key file to authenticate with.\n"
" --tls-ciphers <list> Sets the list of prefered ciphers (TLSv1.2 and below)\n"
@@ -8131,6 +8134,7 @@ int main(int argc, char **argv) {
int firstarg;
struct timeval tv;
+ memset(&config.sslconfig, 0, sizeof(config.sslconfig));
config.hostip = sdsnew("127.0.0.1");
config.hostport = 6379;
config.hostsocket = NULL;