Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to use ssl_cert_reqs=none through URL scheme #264

Closed
alisaifee opened this issue Mar 2, 2025 · 6 comments
Closed

Unable to use ssl_cert_reqs=none through URL scheme #264

alisaifee opened this issue Mar 2, 2025 · 6 comments
Labels
bug Something isn't working

Comments

@alisaifee
Copy link
Owner

I can't speak to general specifics the OP has seen.

However, our team has specifically seen one issue: when adding ssl_cert_reqs=none to the URL, we get the following error from coredis:

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate

Notably, the same URL connection string works with the redis/redis-py library.

Originally posted by @aebrahim in #210
@alisaifee alisaifee added the bug Something isn't working label Mar 2, 2025
@alisaifee
Copy link
Owner Author

@aebrahim though I wasn't able to reproduce the exact error, there definitely was a bug in the configuration of the ssl context. I've pushed a fix to master (2381ef0) which should address it.

@alisaifee
Copy link
Owner Author

@aebrahim though I wasn't able to reproduce the exact error, there definitely was a bug in the configuration of the ssl context. I've pushed a fix to master (2381ef0) which should address it.

Apologies, I spoke to soon, since it's a Sunday I'm okay force pushing to erase my mistake 😁 - 5f8e949 is the better commit.

@alisaifee
Copy link
Owner Author

Available now in 4.19.0 - when you have the chance I'd appreciate if you could test your use case.

@aebrahim
Copy link

aebrahim commented Mar 5, 2025
edited
Loading

Still having the issue

>>> coredis.__version__
    '4.19.0'
>>> await redis.asyncio.Redis.from_url(os.environ["REDIS_URL"]).ping()
    True
>>> await coredis.Redis.from_url(os.environ["REDIS_URL"]).ping()
File ~/.local/lib/python3.11/site-packages/coredis/connection.py:317, in BaseConnection.connect(self)
    315 except Exception as err:
    316     self._connection_error = err
--> 317     raise ConnectionError(str(err)) from err
    319 # run any user callbacks. right now the only internal callback
    320 # is for pubsub channel/pattern resubscription
    321 for callback in self._connect_callbacks:

ConnectionError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)

Here we have REDIS_URL=rediss://:<some_auth_string>@<some_ip_address>:6378?ssl_cert_reqs=none

@alisaifee
Copy link
Owner Author

@aebrahim Thanks for checking and also apologies for making you check before having looked a bit harder at the code. There was another clear bug waiting to be fixed (afc0ea5) - however, I probably wouldn't have seen it without your example of connecting without a client certificate at all. TIL: that redis accepts --tls-auth-clients=no

@alisaifee
Copy link
Owner Author

Fixed in 4.20.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alisaifee @aebrahim