From 151b12a80fe60e671604433876af4fd2a1f7084d Mon Sep 17 00:00:00 2001
From: Kevin Fwu <kfwu@litespeedtech.com>
Date: Wed, 27 May 2020 08:53:29 -0400
Subject: Fix TLS certificate loading for chained certificates.

This impacts client verification for chained certificates (such as Lets
Encrypt certificates). Client Verify requires the full chain in order to
properly verify the certificate.
---
 src/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tls.c b/src/tls.c
index 28a74df9a..a62f2284e 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -217,7 +217,7 @@ int tlsConfigure(redisTLSContextConfig *ctx_config) {
     SSL_CTX_set_ecdh_auto(ctx, 1);
 #endif
 
-    if (SSL_CTX_use_certificate_file(ctx, ctx_config->cert_file, SSL_FILETYPE_PEM) <= 0) {
+    if (SSL_CTX_use_certificate_chain_file(ctx, ctx_config->cert_file) <= 0) {
         ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));
         serverLog(LL_WARNING, "Failed to load certificate: %s: %s", ctx_config->cert_file, errbuf);
         goto error;
-- 
cgit v1.2.1


From c480af900764cefbd60ac037d01065aad1b123d1 Mon Sep 17 00:00:00 2001
From: Oran Agra <oran@redislabs.com>
Date: Sun, 31 May 2020 15:51:52 +0300
Subject: fix pingoff  test race

---
 tests/integration/psync2-pingoff.tcl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/integration/psync2-pingoff.tcl b/tests/integration/psync2-pingoff.tcl
index 5a9a46d16..cdecfc5c6 100644
--- a/tests/integration/psync2-pingoff.tcl
+++ b/tests/integration/psync2-pingoff.tcl
@@ -64,6 +64,7 @@ start_server {} {
         # make sure replication is still alive and kicking
         $R(1) incr x
         wait_for_condition 50 1000 {
+            [status $R(0) loading] == 0 &&
             [$R(0) get x] == 1
         } else {
             fail "replica didn't get incr"
-- 
cgit v1.2.1