Doesn't work with Heroku Redis (TLS required, Redis 6+)

yiisoft / yii2-redis

Yii 2 Redis extension.

http://www.yiiframework.com

BSD 3-Clause "New" or "Revised" License

452 stars 183 forks source link

Doesn't work with Heroku Redis (TLS required, Redis 6+) #224

Closed timkelty closed 3 years ago

timkelty commented 3 years ago

Production plans of Heroku Redis now require a TLS connection: https://devcenter.heroku.com/articles/heroku-redis#create-a-new-instance

However, enabling via useSSL => true does not work with these Redis instances.

What steps will reproduce the problem?

Configure redis component with Heroku Redis 6+.
useSSL => true

What's expected?

Connection should work.

What do you get instead?

stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

Additional info

Q	A
Yii vesion	2.0.40
PHP version	7.4

yii-bot commented 3 years ago

Thank you for your question. In order for this issue tracker to be effective, it should only contain bug reports and feature requests.

We advise you to use our community driven resources:

If you are confident that there is a bug in the framework, feel free to provide information on how to reproduce it. This issue will be closed for now.

This is an automated comment, triggered by adding the label question.

samdark commented 3 years ago

Configure your PHP properly:

Download https://curl.haxx.se/ca/cacert.pem
Specify path to the file in php.ini, openssl.cafile="/path/to/cacert.pem".
Restart PHP.

timkelty commented 3 years ago

Thanks @samdark, I'll give it a try!

FWIW, it looks like Heroku just made this change recently, so it will likely become relevant to anyone running Yii/Craft on Heroku Redis.

SerotoninaAbad commented 3 years ago

Hi @timkelty. Did you manage to find a solution to that problem in Heroku?

timkelty commented 3 years ago

@SerotoninaAbad Ended up going with the dumb/easy solution: ditch Heroku Redis and use their "Redis To Go" add-on, which doesn't require tls.

boboldehampsink commented 3 years ago

Configure your PHP properly:

Download https://curl.haxx.se/ca/cacert.pem

Specify path to the file in php.ini, openssl.cafile="/path/to/cacert.pem".

Restart PHP.

@dzuelke is this something that needs to be done in the buildpack?

boboldehampsink commented 3 years ago

Can this be worked around now that https://github.com/yiisoft/yii2-redis/pull/227 is released?

michaelroper commented 3 years ago

Got bitten by this one today too, and can't use @timkelty's solution.. has anyone else managed to get a connection working to Heroku Redis?

boboldehampsink commented 3 years ago

Got it working by using this in the config:

            'useSSL' => true,
            'contextOptions' => [
                'ssl' => [
                    'verify_peer' => false,
                    'verify_peer_name' => false,
                ],
            ],

samdark commented 3 years ago

As I previously said, https://github.com/yiisoft/yii2-redis/issues/224#issuecomment-780703158 should be done instead of turning off peer verification.

boboldehampsink commented 3 years ago

@samdark that is only if you have control over the php installation

bizley commented 3 years ago

Guys, it's 2021... Change your provider. Anyway, this should be continued at forum if at all.