Closed thomas-netcraft closed 7 months ago
This update introduces TLS support to a Redis client library, enhancing security by enabling encrypted connections. It includes adding SSL configuration options, ensuring SSL connections are handled correctly, and disabling SSL for sentinel connections due to compatibility concerns. The changes span across initialization, connection handling, and testing, demonstrating a comprehensive effort to integrate SSL support while maintaining functionality.
Files | Changes |
---|---|
builder/MyBuilder.pm , src/Redis__Fast.xs , lib/Redis/Fast.pm , lib/Redis/Fast/Sentinel.pm |
Added SSL support, including configuration options and connection handling. Disabled SSL for sentinels. |
t/*.t |
Enhanced tests to support SSL, including initialization with SSL parameters, and added cleanup logic. |
t/tlib/Test/SpawnRedisServer.pm |
Implemented SSL/TLS mode handling and stunnel setup for Redis server in testing environment. |
Objective | Addressed | Explanation |
---|---|---|
Add support for TLS (#143) | ✅ |
In the land of code where the bits do hop, Came a change, a leap, with a bouncy plop. 🐇 With whiskers twitching, eyes aglow, Secure connections, now they flow. Through tunnels of SSL, so sleek and fast, Our rabbit ensures your data's cast. In a burrow so deep, where secrets keep, 🥕 Rest easy, dear user, your connections leap.
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?
Summary
Add SSL support the
Redis::Fast
client.hireds
already supports SSL so it is just a matter of pulling that support through to the Perl bindings. In order to facilitate unit testing, we also add support for various SSL verification modes. Interface consistency with Perl's standard Redis client is maintained.Resolves https://github.com/shogo82148/Redis-Fast/issues/143
Unit testing
Changes to unit tests were heavily inspired by https://github.com/PerlRedis/perl-redis/pull/129
Connecting to a local Redis server over an encrypted connection is done by instantiating stunnel with dummy certificates.
Setting the environment variable
USE_SSL
to a truthy value causes all unit tests which support SSL to be carried out with an encrypted connection.Benchmarking
To get a rough idea of the performance impact, the benchmarking script was run against an AWS ElastiCache instance, using both the
Redis
andRedis::Fast
clients with & without SSL enabled.Intentionally unsupported features
Summary by CodeRabbit