Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Client ssl certificate authentication with sentinel #48

Open
dmellos opened this issue May 11, 2022 · 1 comment
Open

Client ssl certificate authentication with sentinel #48

dmellos opened this issue May 11, 2022 · 1 comment

Comments

@dmellos
Copy link

dmellos commented May 11, 2022

Hi,

Is it possible to send certificates as part of the call below when connecting to sentinel? I have setup redis and sentinel using TLS, but don't know how can clients connects to TLS Sentinel.

local redis, err = rc:connect {
url = "sentinel://mymaster:m",
sentinels = {},
password = "password",
-- tls = {
-- cert = "",
-- key = "",
-- cacert = ""
-- }
}

I am trying to do the following using lua-resty-redis-connector.
redis-cli -p 26379
--tls
--cert /etc/redis/tls/redis.crt
--key /etc/redis/tls/redis.key
--cacert /etc/redis/tls/ca.crt
@pintsized
Copy link
Member

It's not currently possible, because client certificates are not supported in OpenResty cosockets. However, lots of work has gone into this and I believe the feature was recently merged.

This means that at some point in the coming months there will hopefully be a mainline release of OpenResty which supports mTLS (via something like sock:setclientcert(key, cert)), and at this point we could consider adding this as a configuration parameter for this library (a PR would be most welcome!).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pintsized @dmellos