From be83bb13a8eaad68b7580b95c696f2554cf7100e Mon Sep 17 00:00:00 2001 From: Yossi Gottlieb Date: Sun, 7 Feb 2021 12:36:56 +0200 Subject: Add --insecure option to command line tools. (#8416) Disable certificate validation, making it possible to connect to servers without configuring full trust chain. The use of this option is insecure and makes the connection vulnerable to man in the middle attacks. --- src/redis-benchmark.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/redis-benchmark.c') diff --git a/src/redis-benchmark.c b/src/redis-benchmark.c index a955c0d4c..164f5e3ee 100644 --- a/src/redis-benchmark.c +++ b/src/redis-benchmark.c @@ -1516,6 +1516,8 @@ int parseOptions(int argc, const char **argv) { } else if (!strcmp(argv[i],"--cacert")) { if (lastarg) goto invalid; config.sslconfig.cacert = strdup(argv[++i]); + } else if (!strcmp(argv[i],"--insecure")) { + config.sslconfig.skip_cert_verify = 1; } else if (!strcmp(argv[i],"--cert")) { if (lastarg) goto invalid; config.sslconfig.cert = strdup(argv[++i]); @@ -1585,6 +1587,7 @@ usage: " --cacertdir Directory where trusted CA certificates are stored.\n" " If neither cacert nor cacertdir are specified, the default\n" " system-wide trusted root certs configuration will apply.\n" +" --insecure Allow insecure TLS connection by skipping cert validation.\n" " --cert Client certificate to authenticate with.\n" " --key Private key file to authenticate with.\n" " --tls-ciphers Sets the list of prefered ciphers (TLSv1.2 and below)\n" @@ -1682,6 +1685,7 @@ int main(int argc, const char **argv) { signal(SIGHUP, SIG_IGN); signal(SIGPIPE, SIG_IGN); + memset(&config.sslconfig, 0, sizeof(config.sslconfig)); config.numclients = 50; config.requests = 100000; config.liveclients = 0; -- cgit v1.2.1