StackExchange / StackExchange.Redis

General purpose redis client
https://stackexchange.github.io/StackExchange.Redis/

How to connect to Redis SSL ? #2154

Closed RieUchdia closed 2 years ago

RieUchdia commented 2 years ago

Hello,

I want to connect to Redis over SSL, but I'm failing.

How do I connect to Redis in a Docker container over SSL from a Unity application for Windows?

When I run the Redis command (KEYS), I get an error.

Below is the error I got:

TlsException: Handshake failed - error code: UNITYTLS_INTERNAL_ERROR, verify result: 4294957312
Mono.Unity.Debug.CheckAndThrow (Mono.Unity.UnityTls+unitytls_errorstate errorState, Mono.Unity.UnityTls+unitytls_x509verify_result verifyResult, System.String context, Mono.Security.Interface.AlertDescription defaultAlert) (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
Mono.Unity.UnityTlsContext.ProcessHandshake () (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status) (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
(wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus)
Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
Mono.Net.Security.AsyncProtocolRequest+<ProcessOperation>d__24.MoveNext () (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
--- End of stack trace from previous location where exception was thrown ---
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () (at <695d1cc93cca45069c528c15c9fdd749>:0)
Mono.Net.Security.AsyncProtocolRequest+<StartOperation>d__23.MoveNext () (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
Rethrow as AuthenticationException: A call to SSPI failed, see inner exception.
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () (at <695d1cc93cca45069c528c15c9fdd749>:0)
Mono.Net.Security.MobileAuthenticatedStream+<ProcessAuthentication>d__47.MoveNext () (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
Rethrow as AggregateException: One or more errors occurred.
System.Threading.Tasks.Task.ThrowIfExceptional (System.Boolean includeTaskCanceledExceptions) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Threading.Tasks.Task.Wait (System.Int32 millisecondsTimeout, System.Threading.CancellationToken cancellationToken) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Threading.Tasks.Task.Wait () (at <695d1cc93cca45069c528c15c9fdd749>:0)
Mono.Net.Security.MobileAuthenticatedStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
(wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.AuthenticateAsClient(string,System.Security.Cryptography.X509Certificates.X509CertificateCollection,System.Security.Authentication.SslProtocols,bool)
Mono.Net.Security.MobileAuthenticatedStream.AuthenticateAsClient (System.String targetHost) (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
System.Net.Security.SslStream.AuthenticateAsClient (System.String targetHost) (at <0463b2ef957545c0a51b42f372cd4fbb>:0)
StackExchange.Redis.ExtensionMethods.AuthenticateAsClientUsingDefaultProtocols (System.Net.Security.SslStream ssl, System.String host) (at <42a7464619884fb19c3faa991dc14536>:0)
StackExchange.Redis.ExtensionMethods.AuthenticateAsClient (System.Net.Security.SslStream ssl, System.String host, System.Nullable`1[T] allowedProtocols, System.Boolean checkCertificateRevocation) (at <42a7464619884fb19c3faa991dc14536>:0)
StackExchange.Redis.PhysicalConnection+<ConnectedAsync>d__104.MoveNext () (at <42a7464619884fb19c3faa991dc14536>:0)
Rethrow as RedisConnectionException: AuthenticationFailure on 127.0.0.1:6379/Subscription, Initializing/NotStarted, last: NONE, origin: ConnectedAsync, outstanding: 0, last-read: 0s ago, last-write: 0s ago, keep-alive: 60s, state: Connecting, mgr: 10 of 10 available, last-heartbeat: never, global: 0s ago, v: 2.2.88.56325
Rethrow as RedisConnectionException: No connection is active/available to service this operation: KEYS; Handshake failed - error code: UNITYTLS_INTERNAL_ERROR, verify result: 4294957312, inst: 0, qu: 0, qs: 0, aw: False, serverEndpoint: 127.0.0.1:6379, mc: 1/1/0, mgr: 10 of 10 available, clientName: ULULTP0609, IOCP: (Busy=0,Free=200,Min=10,Max=200), WORKER: (Busy=0,Free=800,Min=10,Max=800), v: 2.2.88.56325
StackExchange.Redis.ConnectionMultiplexer.ThrowFailed[T] (System.Threading.Tasks.TaskCompletionSource`1[TResult] source, System.Exception unthrownException) (at <42a7464619884fb19c3faa991dc14536>:0)
--- End of stack trace from previous location where exception was thrown ---
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[TResult].GetResult () (at <695d1cc93cca45069c528c15c9fdd749>:0)
StackExchange.Redis.CursorEnumerable`1+SingleBlockEnumerable+<AwaitedGetNextPageAsync>d__3[T].MoveNext () (at <42a7464619884fb19c3faa991dc14536>:0)
Rethrow as AggregateException: One or more errors occurred.
System.Threading.Tasks.Task.ThrowIfExceptional (System.Boolean includeTaskCanceledExceptions) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Threading.Tasks.Task`1[TResult].GetResultCore (System.Boolean waitCompletionNotification) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Threading.Tasks.Task`1[TResult].get_Result () (at <695d1cc93cca45069c528c15c9fdd749>:0)
StackExchange.Redis.CursorEnumerable`1+Enumerator[T].SlowNextAsync () (at <42a7464619884fb19c3faa991dc14536>:0)
StackExchange.Redis.CursorEnumerable`1+Enumerator[T].SlowNextSync () (at <42a7464619884fb19c3faa991dc14536>:0)
StackExchange.Redis.CursorEnumerable`1+Enumerator[T].MoveNext () (at <42a7464619884fb19c3faa991dc14536>:0)
System.Collections.Generic.LargeArrayBuilder`1[T].AddRange (System.Collections.Generic.IEnumerable`1[T] items) (at <351e49e2a5bf4fd6beabb458ce2255f3>:0)
System.Collections.Generic.EnumerableHelpers.ToArray[T] (System.Collections.Generic.IEnumerable`1[T] source) (at <351e49e2a5bf4fd6beabb458ce2255f3>:0)
System.Linq.Enumerable.ToArray[TSource] (System.Collections.Generic.IEnumerable`1[T] source) (at <351e49e2a5bf4fd6beabb458ce2255f3>:0)
Scenes.MmDevicesDirector+<GetMmIdAdnPoseChs>d__15.MoveNext () (at Assets/Scenes/MmDevicesDirector.cs:75)
--- End of stack trace from previous location where exception was thrown ---
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter`1[TResult].GetResult () (at <695d1cc93cca45069c528c15c9fdd749>:0)
Scenes.MmDevicesDirector+<Manage>d__13.MoveNext () (at Assets/Scenes/MmDevicesDirector.cs:59)
--- End of stack trace from previous location where exception was thrown ---
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.TaskAwaiter.GetResult () (at <695d1cc93cca45069c528c15c9fdd749>:0)
Scenes.MmDevicesDirector+<<Start>b__12_0>d.MoveNext () (at Assets/Scenes/MmDevicesDirector.cs:53)
--- End of stack trace from previous location where exception was thrown ---
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () (at <695d1cc93cca45069c528c15c9fdd749>:0)
System.Runtime.CompilerServices.AsyncMethodBuilderCore+<>c.<ThrowAsync>b__6_0 (System.Object state) (at <695d1cc93cca45069c528c15c9fdd749>:0)
UnityEngine.UnitySynchronizationContext+WorkRequest.Invoke () (at <d3b66f0ad4e34a55b6ef91ab84878193>:0)
UnityEngine.UnitySynchronizationContext:ExecuteTasks()

RieUchdia commented 2 years ago

Below is the snippet of code I'm using:

            // Runs inside an async method; "path to\\ca.crt" is a placeholder path.
            var config = new ConfigurationOptions();
            config.EndPoints.Add("127.0.0.1:6379");
            config.CertificateValidation += ValidateServerCertificate;
            config.Ssl = true;
            config.TrustIssuer("path to\\ca.crt");
            config.SslHost = "127.0.0.1";
            config.AbortOnConnectFail = false;
            // Offers ca.crt as the client certificate during the handshake.
            config.CertificateSelection += delegate
            {
                var cert = new X509Certificate2("path to\\ca.crt", "");
                return cert;
            };
            Debug.Log("CertificateSelection");
            multiplexer = await ConnectionMultiplexer.ConnectAsync(config);
            Debug.Log($"Redis connected{multiplexer.GetStatus()}");

        // Server certificate callback: accepts only when no policy errors are reported.
        public static bool ValidateServerCertificate(
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors sslPolicyErrors)
        {
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                Debug.Log("ValidateServerCertificate OK");
                return true;
            }

            // Interpolate the flags; the original "{0}" placeholder was never substituted.
            Debug.LogError($"Certificate error: {sslPolicyErrors}");

            return false;
        }

Below is the redis-server config:

################################# tls/ssl #####################################

port 0
tls-port 6379

tls-cert-file /etc/ssl/certs/redis.crt
tls-key-file /etc/ssl/certs/redis.key

tls-ca-cert-file /etc/ssl/certs/ca.crt
tls-ca-cert-dir /etc/ssl/certs

tls-auth-clients no

loglevel notice
logfile ""

RieUchdia commented 2 years ago

This issue has been resolved. Client certificate settings were not required.
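
The resolved setup as an added example (not code from the issue or from the StackExchange.Redis project): server-authenticated TLS with no client certificate, matching "tls-auth-clients no" in the server config above, plus a validation callback that accepts the server certificate only if it chains to a pinned CA. The class and method names are hypothetical, ca.crt is assumed to be the self-signed root that issued redis.crt, and behaviour under Unity's Mono TLS backend is not verified here.

```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using StackExchange.Redis;

public static class RedisTlsExample // hypothetical name
{
    // Placeholder path from the issue; assumed to be the root CA that signed redis.crt.
    private const string CaPath = "path to\\ca.crt";

    public static Task<ConnectionMultiplexer> ConnectAsync()
    {
        var ca = new X509Certificate2(CaPath);
        var config = new ConfigurationOptions
        {
            Ssl = true,
            SslHost = "127.0.0.1", // must match a name in the server certificate
            AbortOnConnectFail = false,
        };
        config.EndPoints.Add("127.0.0.1:6379");
        // No CertificateSelection handler: with "tls-auth-clients no" the
        // server does not ask the client for a certificate.
        config.CertificateValidation += (sender, cert, chain, errors) =>
            ChainsToPinnedCa(ca, cert, errors);
        return ConnectionMultiplexer.ConnectAsync(config);
    }

    // Accepts the server certificate only if it chains to the pinned CA.
    private static bool ChainsToPinnedCa(X509Certificate2 ca, X509Certificate cert, SslPolicyErrors errors)
    {
        // A missing certificate or a host name mismatch is never excused.
        const SslPolicyErrors fatal = SslPolicyErrors.RemoteCertificateNotAvailable
                                    | SslPolicyErrors.RemoteCertificateNameMismatch;
        if (cert == null || (errors & fatal) != 0) return false;

        using (var chain = new X509Chain())
        {
            // Private CA: no revocation endpoint, and the root is not in the OS store.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            chain.ChainPolicy.ExtraStore.Add(ca);
            if (!chain.Build(new X509Certificate2(cert))) return false;
            // AllowUnknownCertificateAuthority accepts any root, so pin it explicitly.
            var root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return root.Thumbprint == ca.Thumbprint;
        }
    }
}
```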

chandan-gds commented 7 months ago

a