hiredis-client 0.29.0 → 0.30.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c84a121867dc6622e803bad3ac0713590ae63bf1dd66cba2f081286ba4dd873d
-  data.tar.gz: 96ec35739c4ba1b5827cfcdcd5cab0def5f0cc3e9e93f76b83bfd2b01e55013a
+  metadata.gz: d0b7355ec84a4bac25e947e6338a99f83fc3aadd72d18a9b094254736dd1d619
+  data.tar.gz: 066667a1b9a3b900a4fde61497626eeb8ff768ab7929450bd28e4e1f9b1e48c8
 SHA512:
-  metadata.gz: 4d16d757d07bbcec6a32fd6fa0204f654b4937a67718d5149094bf4d30d4299bd77ccb6b7b0f563830c53b9c1979d32e1e534f35841d622ce05ca859f950929e
-  data.tar.gz: f8a69e6be041943fa9c4455306169d217d771fd370fa7e74d12ae643b20d1c8e4f9d2443e50158e213d7965638463fabbf693b0d499504aee66b65793206f45f
+  metadata.gz: 3140dca52a51e849c47e136f8a5588f6243c611866aade3638e99ca7bb9f9375037e2a684e371534b898b23ecbc8b2d3264f1bf67e445f037d6ddd2a3607433f
+  data.tar.gz: e17226bfb18d35c4c980b6dcfd0e51331ea9380f1a7ba967fb1b0a0a2801c6a90c233c403fd40f79332a7e16a49d7d896c2fee528cbcf1379d9cfa585bd1ef7c

data/ext/redis_client/hiredis/hiredis_connection.c

@@ -109,18 +109,20 @@ static VALUE hiredis_ssl_context_alloc(VALUE klass) {
     return TypedData_Make_Struct(klass, hiredis_ssl_context_t, &hiredis_ssl_context_data_type, ssl_context);
 }
 
-static VALUE hiredis_ssl_context_init(VALUE self, VALUE ca_file, VALUE ca_path, VALUE cert, VALUE key, VALUE hostname) {
+static VALUE hiredis_ssl_context_init(VALUE self, VALUE ca_file, VALUE ca_path, VALUE cert, VALUE key, VALUE hostname, VALUE verify_mode) {
     redisSSLContextError ssl_error = 0;
     SSL_CONTEXT(self, ssl_context);
 
-    ssl_context->context = redisCreateSSLContext(
-        RTEST(ca_file) ? StringValueCStr(ca_file) : NULL,
-        RTEST(ca_path) ? StringValueCStr(ca_path) : NULL,
-        RTEST(cert) ? StringValueCStr(cert) : NULL,
-        RTEST(key) ? StringValueCStr(key) : NULL,
-        RTEST(hostname) ? StringValueCStr(hostname) : NULL,
-        &ssl_error
-    );
+    redisSSLOptions options = {
+        .cacert_filename = RTEST(ca_file) ? StringValueCStr(ca_file) : NULL,
+        .capath = RTEST(ca_path) ? StringValueCStr(ca_path) : NULL,
+        .cert_filename = RTEST(cert) ? StringValueCStr(cert) : NULL,
+        .private_key_filename = RTEST(key) ? StringValueCStr(key) : NULL,
+        .server_name = RTEST(hostname) ? StringValueCStr(hostname) : NULL,
+        .verify_mode = NIL_P(verify_mode) ? SSL_VERIFY_PEER : NUM2INT(verify_mode),
+    };
+
+    ssl_context->context = redisCreateSSLContextWithOptions(&options, &ssl_error);
 
     if (ssl_error) {
         return rb_str_new_cstr(redisSSLContextGetError(ssl_error));
@@ -945,5 +947,5 @@ RUBY_FUNC_EXPORTED void Init_hiredis_connection(void) {
 
     VALUE rb_cHiredisSSLContext = rb_define_class_under(rb_cHiredisConnection, "SSLContext", rb_cObject);
     rb_define_alloc_func(rb_cHiredisSSLContext, hiredis_ssl_context_alloc);
-    rb_define_private_method(rb_cHiredisSSLContext, "init", hiredis_ssl_context_init, 5);
+    rb_define_private_method(rb_cHiredisSSLContext, "init", hiredis_ssl_context_init, 6);
 }

data/ext/redis_client/hiredis/vendor/hiredis_ssl.h

@@ -84,6 +84,16 @@ typedef enum {
     REDIS_SSL_CTX_PRIVATE_KEY_LOAD_FAILED       /* Failed to load private key */
 } redisSSLContextError;
 
+/* Options struct for redisCreateSSLContextWithOptions(). */
+typedef struct {
+    const char *cacert_filename;
+    const char *capath;
+    const char *cert_filename;
+    const char *private_key_filename;
+    const char *server_name;
+    int verify_mode;
+} redisSSLOptions;
+
 /**
  * Return the error message corresponding with the specified error code.
  */
@@ -124,6 +134,12 @@ redisSSLContext *redisCreateSSLContext(const char *cacert_filename, const char *
         const char *cert_filename, const char *private_key_filename,
         const char *server_name, redisSSLContextError *error);
 
+/**
+ * Variant of redisCreateSSLContext() that accepts a redisSSLOptions struct,
+ * allowing the caller to set verify_mode (e.g. SSL_VERIFY_NONE).
+ */
+redisSSLContext *redisCreateSSLContextWithOptions(redisSSLOptions *options, redisSSLContextError *error);
+
 /**
  * Free a previously created OpenSSL context.
  */

data/ext/redis_client/hiredis/vendor/ssl.c

@@ -203,9 +203,7 @@ void redisFreeSSLContext(redisSSLContext *ctx)
  * redisSSLContext helper context initialization.
  */
 
-redisSSLContext *redisCreateSSLContext(const char *cacert_filename, const char *capath,
-        const char *cert_filename, const char *private_key_filename,
-        const char *server_name, redisSSLContextError *error)
+redisSSLContext *redisCreateSSLContextWithOptions(redisSSLOptions *options, redisSSLContextError *error)
 {
     redisSSLContext *ctx = hi_calloc(1, sizeof(redisSSLContext));
     if (ctx == NULL)
@@ -218,34 +216,34 @@ redisSSLContext *redisCreateSSLContext(const char *cacert_filename, const char *
     }
 
     SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
-    SSL_CTX_set_verify(ctx->ssl_ctx, SSL_VERIFY_PEER, NULL);
+    SSL_CTX_set_verify(ctx->ssl_ctx, options->verify_mode, NULL);
 
-    if ((cert_filename != NULL && private_key_filename == NULL) ||
-            (private_key_filename != NULL && cert_filename == NULL)) {
+    if ((options->cert_filename != NULL && options->private_key_filename == NULL) ||
+            (options->private_key_filename != NULL && options->cert_filename == NULL)) {
         if (error) *error = REDIS_SSL_CTX_CERT_KEY_REQUIRED;
         goto error;
     }
 
-    if (capath || cacert_filename) {
-        if (!SSL_CTX_load_verify_locations(ctx->ssl_ctx, cacert_filename, capath)) {
+    if (options->capath || options->cacert_filename) {
+        if (!SSL_CTX_load_verify_locations(ctx->ssl_ctx, options->cacert_filename, options->capath)) {
             if (error) *error = REDIS_SSL_CTX_CA_CERT_LOAD_FAILED;
             goto error;
         }
     }
 
-    if (cert_filename) {
-        if (!SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx, cert_filename)) {
+    if (options->cert_filename) {
+        if (!SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx, options->cert_filename)) {
             if (error) *error = REDIS_SSL_CTX_CLIENT_CERT_LOAD_FAILED;
             goto error;
         }
-        if (!SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, private_key_filename, SSL_FILETYPE_PEM)) {
+        if (!SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, options->private_key_filename, SSL_FILETYPE_PEM)) {
             if (error) *error = REDIS_SSL_CTX_PRIVATE_KEY_LOAD_FAILED;
             goto error;
         }
     }
 
-    if (server_name)
-        ctx->server_name = hi_strdup(server_name);
+    if (options->server_name)
+        ctx->server_name = hi_strdup(options->server_name);
 
     return ctx;
 
@@ -254,6 +252,21 @@ error:
     return NULL;
 }
 
+redisSSLContext *redisCreateSSLContext(const char *cacert_filename, const char *capath,
+        const char *cert_filename, const char *private_key_filename,
+        const char *server_name, redisSSLContextError *error)
+{
+    redisSSLOptions options = {
+        .cacert_filename = cacert_filename,
+        .capath = capath,
+        .cert_filename = cert_filename,
+        .private_key_filename = private_key_filename,
+        .server_name = server_name,
+        .verify_mode = SSL_VERIFY_PEER,
+    };
+    return redisCreateSSLContextWithOptions(&options, error);
+}
+
 int redisInitiateSSLContinue(redisContext *c) {
     if (!c->privctx) {
         __redisSetError(c, REDIS_ERR_OTHER, "redisContext is not associated");

data/lib/redis_client/hiredis_connection.rb

@@ -10,7 +10,7 @@ class RedisClient
 
     class << self
       def ssl_context(ssl_params)
-        unless ssl_params[:ca_file] || ssl_params[:ca_path]
+        unless ssl_params[:ca_file] || ssl_params[:ca_path] || ssl_params[:verify_mode] == OpenSSL::SSL::VERIFY_NONE
           default_ca_file = OpenSSL::X509::DEFAULT_CERT_FILE
           default_ca_path = OpenSSL::X509::DEFAULT_CERT_DIR
 
@@ -27,13 +27,14 @@ class RedisClient
           cert: ssl_params[:cert],
           key: ssl_params[:key],
           hostname: ssl_params[:hostname],
+          verify_mode: ssl_params[:verify_mode],
         )
       end
     end
 
     class SSLContext
-      def initialize(ca_file: nil, ca_path: nil, cert: nil, key: nil, hostname: nil)
-        if (error = init(ca_file, ca_path, cert, key, hostname))
+      def initialize(ca_file: nil, ca_path: nil, cert: nil, key: nil, hostname: nil, verify_mode: nil)
+        if (error = init(ca_file, ca_path, cert, key, hostname, verify_mode))
           raise error
         end
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hiredis-client
 version: !ruby/object:Gem::Version
-  version: 0.29.0
+  version: 0.30.0
 platform: ruby
 authors:
 - Jean Boussier
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.0
+        version: 0.30.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.29.0
+        version: 0.30.0
 email:
 - jean.boussier@gmail.com
 executables: []
@@ -101,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.6
+rubygems_version: 4.0.12
 specification_version: 4
 summary: Hiredis binding for redis-client
 test_files: []