-rw-r--r--src/connection.c20
-rw-r--r--src/connection.h17
-rw-r--r--src/module.c2
-rw-r--r--src/sentinel.c8
-rw-r--r--src/tls.c24
5 files changed, 56 insertions, 15 deletions
diff --git a/src/connection.c b/src/connection.c
index 7cf5ebf77..e28257fab 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -132,3 +132,23 @@ int connTypeProcessPendingData(void) {
return ret;
}
+
+void *connTypeGetCtx(int type) {
+ ConnectionType *ct = connectionByType(type);
+
+ if (ct && ct->get_ctx) {
+ return ct->get_ctx();
+ }
+
+ return NULL;
+}
+
+void *connTypeGetClientCtx(int type) {
+ ConnectionType *ct = connectionByType(type);
+
+ if (ct && ct->get_client_ctx) {
+ return ct->get_client_ctx();
+ }
+
+ return NULL;
+}
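Review bot: Neither new accessor documents who owns the pointer it returns, and `void *` gives a caller no hint; in the tls.c part of this change the callback hands back a file-scope static SSL_CTX, so freeing it would corrupt the TLS type's state. Add above connTypeGetCtx: `/* Return the context owned by the connection type `type` (the server SSL_CTX for CONN_TYPE_TLS), or NULL when the type is unknown or provides none. The caller must not free the result. */` and the equivalent for connTypeGetClientCtx with "client SSL_CTX". The NULL-on-unknown-type behaviour follows from connectionByType returning NULL and the `ct && ct->get_ctx` guard, so that part of the comment is safe to state.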
diff --git a/src/connection.h b/src/connection.h
index dac4dc3ea..4cb74c4dc 100644
--- a/src/connection.h
+++ b/src/connection.h
@@ -95,6 +95,11 @@ typedef struct ConnectionType {
/* pending data */
int (*has_pending_data)(void);
int (*process_pending_data)(void);
+
+ /* TLS specified methods */
+ sds (*get_peer_cert)(struct connection *conn);
+ void* (*get_ctx)(void);
+ void* (*get_client_ctx)(void);
} ConnectionType;
struct connection {
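Review bot: The three new ConnectionType callbacks are optional — connGetPeerCert and connTypeGetCtx in this same change test them for NULL before calling — but the header does not say so, and an implementer of a new type cannot tell whether leaving them unset is allowed. Replace `/* TLS specified methods */` with `/* TLS-specific methods; optional, leave NULL for types without a certificate or SSL_CTX */`. The same comment wording appears in the CT_TLS initializer in src/tls.c and should be adjusted there too.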
@@ -335,7 +340,17 @@ int connSendTimeout(connection *conn, long long ms);
int connRecvTimeout(connection *conn, long long ms);
/* Helpers for tls special considerations */
-sds connTLSGetPeerCert(connection *conn);
+void *connTypeGetCtx(int type);
+void *connTypeGetClientCtx(int type);
+
+/* Get cert for the secure connection */
+static inline sds connGetPeerCert(connection *conn) {
+ if (conn->type->get_peer_cert) {
+ return conn->type->get_peer_cert(conn);
+ }
+
+ return NULL;
+}
/* Initialize the redis connection framework */
int connTypeInitialize();
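Review bot: `/* Get cert for the secure connection */` drops the contract that the removed declaration carried in tls.c: the result is a PEM-encoded sds, and module.c passes it straight into createObject, so ownership moves to the caller. Suggest `/* Return the peer certificate as a newly allocated PEM-encoded sds owned by the caller, or NULL when the connection type has no certificate support or no certificate was presented. */`. Note that connGetPeerCert dereferences `conn` and `conn->type` unguarded; the old connTLSGetPeerCert did the same, so this is not a regression, but as a header inline it is now reachable from every caller and worth a sentence stating that `conn` must be non-NULL.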
diff --git a/src/module.c b/src/module.c
index 3e09cdd10..953ab0474 100644
--- a/src/module.c
+++ b/src/module.c
@@ -8946,7 +8946,7 @@ RedisModuleString *RM_GetClientCertificate(RedisModuleCtx *ctx, uint64_t client_
client *c = lookupClientByID(client_id);
if (c == NULL) return NULL;
- sds cert = connTLSGetPeerCert(c->conn);
+ sds cert = connGetPeerCert(c->conn);
if (!cert) return NULL;
RedisModuleString *s = createObject(OBJ_STRING, cert);
diff --git a/src/sentinel.c b/src/sentinel.c
index b1c180d41..f0e3e8609 100644
--- a/src/sentinel.c
+++ b/src/sentinel.c
@@ -44,11 +44,6 @@
extern char **environ;
-#ifdef USE_OPENSSL
-extern SSL_CTX *redis_tls_ctx;
-extern SSL_CTX *redis_tls_client_ctx;
-#endif
-
#define REDIS_SENTINEL_PORT 26379
/* ======================== Sentinel global state =========================== */
@@ -2381,6 +2376,9 @@ static int instanceLinkNegotiateTLS(redisAsyncContext *context) {
#ifndef USE_OPENSSL
(void) context;
#else
+ SSL_CTX *redis_tls_ctx = connTypeGetCtx(CONN_TYPE_TLS);
+ SSL_CTX *redis_tls_client_ctx = connTypeGetClientCtx(CONN_TYPE_TLS);
+
if (!redis_tls_ctx) return C_ERR;
SSL *ssl = SSL_new(redis_tls_client_ctx ? redis_tls_client_ctx : redis_tls_ctx);
if (!ssl) return C_ERR;
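Review bot: The two new locals keep the names of the globals they replace, `redis_tls_ctx` and `redis_tls_client_ctx`, so the function still reads as if it touched shared state; plain local names make the change of ownership visible, e.g. `SSL_CTX *tls_ctx = connTypeGetCtx(CONN_TYPE_TLS);` and `SSL_CTX *tls_client_ctx = connTypeGetClientCtx(CONN_TYPE_TLS);` with the three following uses renamed. The implicit `void *` to `SSL_CTX *` conversion is legal C, but a one-line comment that the accessor is trusted to return an SSL_CTX for CONN_TYPE_TLS would help, since the compiler cannot check it. The existing `if (!redis_tls_ctx) return C_ERR;` now also covers the case where the TLS type is not registered, which is a useful property to mention there. instanceLinkNegotiateTLS starts and ends outside this hunk.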
diff --git a/src/tls.c b/src/tls.c
index 69c13c6d0..98c5d9d99 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -58,8 +58,8 @@
extern ConnectionType CT_Socket;
-SSL_CTX *redis_tls_ctx = NULL;
-SSL_CTX *redis_tls_client_ctx = NULL;
+static SSL_CTX *redis_tls_ctx = NULL;
+static SSL_CTX *redis_tls_client_ctx = NULL;
static int parseProtocolsConfig(const char *str) {
int i, count = 0;
@@ -1043,7 +1043,7 @@ static int tlsProcessPendingData() {
/* Fetch the peer certificate used for authentication on the specified
* connection and return it as a PEM-encoded sds.
*/
-sds connTLSGetPeerCert(connection *conn_) {
+static sds connTLSGetPeerCert(connection *conn_) {
tls_connection *conn = (tls_connection *) conn_;
if (conn_->type->get_type(conn_) != CONN_TYPE_TLS || !conn->ssl) return NULL;
@@ -1064,6 +1064,14 @@ sds connTLSGetPeerCert(connection *conn_) {
return cert_pem;
}
+static void *tlsGetCtx(void) {
+ return redis_tls_ctx;
+}
+
+static void *tlsGetClientCtx(void) {
+ return redis_tls_client_ctx;
+}
+
ConnectionType CT_TLS = {
/* connection type */
.get_type = connTLSGetType,
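Review bot: tlsGetCtx and tlsGetClientCtx return the file's static SSL_CTX objects through `void *`, which erases the type and, more importantly, the ownership; a reader of the accessor alone cannot tell that the pointer must not be freed or that it may be NULL before TLS is configured. Add above tlsGetCtx: `/* Expose the file-scope server/client SSL_CTX to generic callers via ConnectionType; the contexts stay owned here and may be NULL when TLS is not configured. */`. The NULL possibility is grounded in the `= NULL` initializers made static earlier in this file.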
@@ -1099,6 +1107,11 @@ ConnectionType CT_TLS = {
/* pending data */
.has_pending_data = tlsHasPendingData,
.process_pending_data = tlsProcessPendingData,
+
+ /* TLS specified methods */
+ .get_peer_cert = connTLSGetPeerCert,
+ .get_ctx = tlsGetCtx,
+ .get_client_ctx = tlsGetClientCtx
};
int RedisRegisterConnectionTypeTLS()
@@ -1124,9 +1137,4 @@ connection *connCreateAcceptedTLS(int fd, int require_auth) {
return NULL;
}
-sds connTLSGetPeerCert(connection *conn_) {
- (void) conn_;
- return NULL;
-}
-
#endif