From 8c291b97b95f2e011977b522acf77ead23e26f55 Mon Sep 17 00:00:00 2001
From: Yossi Gottlieb
Date: Fri, 11 Dec 2020 18:31:40 +0200
Subject: TLS: Add different client cert support. (#8076)

This adds a new `tls-client-cert-file` and `tls-client-key-file` configuration directives which make it possible to use different certificates for the TLS-server and TLS-client functions of Redis. This is an optional directive. If it is not specified the `tls-cert-file` and `tls-key-file` directives are used for TLS client functions as well. Also, `utils/gen-test-certs.sh` now creates additional server-only and client-only certs and will skip intensive operations if target files already exist.
---
 tests/instances.tcl | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'tests/instances.tcl')
diff --git a/tests/instances.tcl b/tests/instances.tcl
index 156c92706..a9cc01008 100644
--- a/tests/instances.tcl
+++ b/tests/instances.tcl
@@ -76,8 +76,10 @@ proc spawn_instance {type base_port count {conf {}}} {
 puts $cfg "tls-replication yes"
 puts $cfg "tls-cluster yes"
 puts $cfg "port 0"
- puts $cfg [format "tls-cert-file %s/../../tls/redis.crt" [pwd]]
- puts $cfg [format "tls-key-file %s/../../tls/redis.key" [pwd]]
+ puts $cfg [format "tls-cert-file %s/../../tls/server.crt" [pwd]]
+ puts $cfg [format "tls-key-file %s/../../tls/server.key" [pwd]]
+ puts $cfg [format "tls-client-cert-file %s/../../tls/client.crt" [pwd]]
+ puts $cfg [format "tls-client-key-file %s/../../tls/client.key" [pwd]]
 puts $cfg [format "tls-dh-params-file %s/../../tls/redis.dh" [pwd]]
 puts $cfg [format "tls-ca-cert-file %s/../../tls/ca.crt" [pwd]]
 puts $cfg "loglevel debug"
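Review bot: Every spawned instance now gets `tls-client-cert-file` and `tls-client-key-file`, so within this harness the fallback described in the commit message (client functions reuse `tls-cert-file`/`tls-key-file` when the client directives are absent) is no longer exercised on the `tls-replication`/`tls-cluster` links; whether another suite still covers it is not visible here. Consider gating the two new `puts` lines on an option so one run keeps the single-certificate configuration, or at least add a comment above them such as `# separate server-only and client-only certs: outbound TLS links must present client.crt`. The new paths also assume a `tls/` directory regenerated by `utils/gen-test-certs.sh`; with an older directory the instance will presumably fail at startup on the missing `server.crt`, so a `file exists` check with a clear message before writing the config would make that failure easier to diagnose. spawn_instance's body continues outside the hunk.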
@@ -234,8 +236,8 @@ proc parse_options {} {
 package require tls 1.6
 ::tls::init \
 -cafile "$::tlsdir/ca.crt" \
- -certfile "$::tlsdir/redis.crt" \
- -keyfile "$::tlsdir/redis.key"
+ -certfile "$::tlsdir/client.crt" \
+ -keyfile "$::tlsdir/client.key"
 set ::tls 1
 } elseif {$opt eq "--help"} {
 puts "--single Only runs tests specified by pattern."
--
cgit v1.2.1
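Review bot: The `::tls::init` call in parse_options sets `-cafile` and the new client certificate but does not pass `-require 1`, and as I understand it TclTLS 1.6 leaves `-require` off by default, so as far as this hunk shows the test client does not insist on a valid certificate from the instance. Now that the server and client certificates are distinct, an instance that presents a certificate which does not verify against `ca.crt` would not fail the handshake on the client side. Adding `-require 1 \` after the `-cafile` line would make the harness check the chain; if a later `::tls::socket` or `::tls::import` call already sets it, a short comment here saying so is enough. parse_options starts and ends outside the hunk.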