Skip to content

Commit 0fe87e6

Browse files
committed
Applying review comments.
1 parent 63dd464 commit 0fe87e6

File tree

6 files changed

+27
-35
lines changed

6 files changed

+27
-35
lines changed

docs/examples/ssl_connection_examples.ipynb

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,6 @@
3737
" host='localhost',\n",
3838
" port=6666,\n",
3939
" ssl=True,\n",
40-
" ssl_check_hostname=False,\n",
4140
" ssl_cert_reqs=\"none\",\n",
4241
")\n",
4342
"r.ping()"
@@ -69,7 +68,7 @@
6968
"source": [
7069
"import redis\n",
7170
"\n",
72-
"r = redis.from_url(\"rediss://localhost:6666?ssl_cert_reqs=none&ssl_check_hostname=False&decode_responses=True&health_check_interval=2\")\n",
71+
"r = redis.from_url(\"rediss://localhost:6666?ssl_cert_reqs=none&decode_responses=True&health_check_interval=2\")\n",
7372
"r.ping()"
7473
]
7574
},
@@ -103,7 +102,6 @@
103102
" host=\"localhost\",\n",
104103
" port=6666,\n",
105104
" connection_class=redis.SSLConnection,\n",
106-
" ssl_check_hostname=False,\n",
107105
" ssl_cert_reqs=\"none\",\n",
108106
")\n",
109107
"\n",
@@ -143,7 +141,6 @@
143141
" port=6666,\n",
144142
" ssl=True,\n",
145143
" ssl_min_version=ssl.TLSVersion.TLSv1_3,\n",
146-
" ssl_check_hostname=False,\n",
147144
" ssl_cert_reqs=\"none\",\n",
148145
")\n",
149146
"r.ping()"

redis/asyncio/connection.py

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -893,18 +893,17 @@ def __init__(
893893
self.cert_reqs = cert_reqs
894894
self.ca_certs = ca_certs
895895
self.ca_data = ca_data
896-
self.check_hostname = check_hostname
896+
self.check_hostname = (
897+
check_hostname if self.cert_reqs != ssl.CERT_NONE else False
898+
)
897899
self.min_version = min_version
898900
self.ciphers = ciphers
899901
self.context: Optional[SSLContext] = None
900902

901903
def get(self) -> SSLContext:
902904
if not self.context:
903905
context = ssl.create_default_context()
904-
if self.cert_reqs == ssl.CERT_NONE:
905-
context.check_hostname = False
906-
else:
907-
context.check_hostname = self.check_hostname
906+
context.check_hostname = self.check_hostname
908907
context.verify_mode = self.cert_reqs
909908
if self.certfile and self.keyfile:
910909
context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile)

redis/connection.py

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1083,7 +1083,9 @@ def __init__(
10831083
self.ca_certs = ssl_ca_certs
10841084
self.ca_data = ssl_ca_data
10851085
self.ca_path = ssl_ca_path
1086-
self.check_hostname = ssl_check_hostname
1086+
self.check_hostname = (
1087+
ssl_check_hostname if self.cert_reqs != ssl.CERT_NONE else False
1088+
)
10871089
self.certificate_password = ssl_password
10881090
self.ssl_validate_ocsp = ssl_validate_ocsp
10891091
self.ssl_validate_ocsp_stapled = ssl_validate_ocsp_stapled
@@ -1115,10 +1117,7 @@ def _wrap_socket_with_ssl(self, sock):
11151117
An SSL wrapped socket.
11161118
"""
11171119
context = ssl.create_default_context()
1118-
if self.cert_reqs == ssl.CERT_NONE:
1119-
context.check_hostname = False
1120-
else:
1121-
context.check_hostname = self.check_hostname
1120+
context.check_hostname = self.check_hostname
11221121
context.verify_mode = self.cert_reqs
11231122
if self.certfile or self.keyfile:
11241123
context.load_cert_chain(

tests/test_asyncio/test_cluster.py

Lines changed: 1 addition & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -3118,9 +3118,7 @@ async def test_ssl_with_invalid_cert(
31183118
async def test_ssl_connection(
31193119
self, create_client: Callable[..., Awaitable[RedisCluster]]
31203120
) -> None:
3121-
async with await create_client(
3122-
ssl=True, ssl_check_hostname=False, ssl_cert_reqs="none"
3123-
) as rc:
3121+
async with await create_client(ssl=True, ssl_cert_reqs="none") as rc:
31243122
assert await rc.ping()
31253123

31263124
@pytest.mark.parametrize(
@@ -3136,7 +3134,6 @@ async def test_ssl_connection_tls12_custom_ciphers(
31363134
) -> None:
31373135
async with await create_client(
31383136
ssl=True,
3139-
ssl_check_hostname=False,
31403137
ssl_cert_reqs="none",
31413138
ssl_min_version=ssl.TLSVersion.TLSv1_2,
31423139
ssl_ciphers=ssl_ciphers,
@@ -3148,7 +3145,6 @@ async def test_ssl_connection_tls12_custom_ciphers_invalid(
31483145
) -> None:
31493146
async with await create_client(
31503147
ssl=True,
3151-
ssl_check_hostname=False,
31523148
ssl_cert_reqs="none",
31533149
ssl_min_version=ssl.TLSVersion.TLSv1_2,
31543150
ssl_ciphers="foo:bar",
@@ -3170,7 +3166,6 @@ async def test_ssl_connection_tls13_custom_ciphers(
31703166
# TLSv1.3 does not support changing the ciphers
31713167
async with await create_client(
31723168
ssl=True,
3173-
ssl_check_hostname=False,
31743169
ssl_cert_reqs="none",
31753170
ssl_min_version=ssl.TLSVersion.TLSv1_2,
31763171
ssl_ciphers=ssl_ciphers,

tests/test_asyncio/test_ssl.py

Lines changed: 11 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -11,11 +11,15 @@
1111
# Skip test or not based on cryptography installation
1212
try:
1313
import cryptography # noqa
14+
1415
skip_if_cryptography = pytest.mark.skipif(False, reason="")
1516
skip_if_nocryptography = pytest.mark.skipif(False, reason="")
1617
except ImportError:
1718
skip_if_cryptography = pytest.mark.skipif(True, reason="cryptography not installed")
18-
skip_if_nocryptography = pytest.mark.skipif(True, reason="cryptography not installed")
19+
skip_if_nocryptography = pytest.mark.skipif(
20+
True, reason="cryptography not installed"
21+
)
22+
1923

2024
@pytest.mark.ssl
2125
class TestSSL:
@@ -37,13 +41,14 @@ async def test_cert_reqs_none_with_check_hostname(self, request):
3741
"""Test that when ssl_cert_reqs=none is used with ssl_check_hostname=True,
3842
the connection is created successfully with check_hostname internally set to False"""
3943
ssl_url = request.config.option.redis_ssl_url
40-
p = urlparse(ssl_url)[1].split(":")
44+
parsed_url = urlparse(ssl_url)
4145
r = redis.Redis(
42-
host=p[0],
43-
port=p[1],
46+
host=parsed_url.hostname,
47+
port=parsed_url.port,
4448
ssl=True,
4549
ssl_cert_reqs="none",
46-
ssl_check_hostname=True, # This should work now because we handle the incompatibility
50+
# Check that ssl_check_hostname is ignored, when ssl_cert_reqs=none
51+
ssl_check_hostname=True,
4752
)
4853
try:
4954
# Connection should be successful
@@ -53,4 +58,4 @@ async def test_cert_reqs_none_with_check_hostname(self, request):
5358
conn = r.connection_pool.make_connection()
5459
assert conn.check_hostname is False
5560
finally:
56-
await r.aclose()
61+
await r.aclose()

tests/test_ssl.py

Lines changed: 6 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,6 @@ def test_ssl_connection(self, request):
4242
host=p[0],
4343
port=p[1],
4444
ssl=True,
45-
ssl_check_hostname=False,
4645
ssl_cert_reqs="none",
4746
)
4847
assert r.ping()
@@ -105,7 +104,6 @@ def test_ssl_connection_tls12_custom_ciphers(self, request, ssl_ciphers):
105104
host=p[0],
106105
port=p[1],
107106
ssl=True,
108-
ssl_check_hostname=False,
109107
ssl_cert_reqs="none",
110108
ssl_min_version=ssl.TLSVersion.TLSv1_3,
111109
ssl_ciphers=ssl_ciphers,
@@ -120,7 +118,6 @@ def test_ssl_connection_tls12_custom_ciphers_invalid(self, request):
120118
host=p[0],
121119
port=p[1],
122120
ssl=True,
123-
ssl_check_hostname=False,
124121
ssl_cert_reqs="none",
125122
ssl_min_version=ssl.TLSVersion.TLSv1_2,
126123
ssl_ciphers="foo:bar",
@@ -145,7 +142,6 @@ def test_ssl_connection_tls13_custom_ciphers(self, request, ssl_ciphers):
145142
host=p[0],
146143
port=p[1],
147144
ssl=True,
148-
ssl_check_hostname=False,
149145
ssl_cert_reqs="none",
150146
ssl_min_version=ssl.TLSVersion.TLSv1_2,
151147
ssl_ciphers=ssl_ciphers,
@@ -314,19 +310,20 @@ def test_cert_reqs_none_with_check_hostname(self, request):
314310
"""Test that when ssl_cert_reqs=none is used with ssl_check_hostname=True,
315311
the connection is created successfully with check_hostname internally set to False"""
316312
ssl_url = request.config.option.redis_ssl_url
317-
p = urlparse(ssl_url)[1].split(":")
313+
parsed_url = urlparse(ssl_url)
318314
r = redis.Redis(
319-
host=p[0],
320-
port=p[1],
315+
host=parsed_url.hostname,
316+
port=parsed_url.port,
321317
ssl=True,
322318
ssl_cert_reqs="none",
323-
ssl_check_hostname=True, # This should work now because we handle the incompatibility
319+
# Check that ssl_check_hostname is ignored, when ssl_cert_reqs=none
320+
ssl_check_hostname=True,
324321
)
325322
try:
326323
# Connection should be successful
327324
assert r.ping()
328325
# check_hostname should have been automatically set to False
329-
assert r.connection_pool.connection_kwargs["connection_class"] == redis.SSLConnection
326+
assert r.connection_pool.connection_class == redis.SSLConnection
330327
conn = r.connection_pool.make_connection()
331328
assert conn.check_hostname is False
332329
finally:

0 commit comments

Comments
 (0)