aio-libs-abandoned/aioredis-py

ConnectionError: OSError: File name too long when specifying ssl_ca_certs

soapergem opened this issue · 1 comments

Describe the bug

I am trying to connect to a Google MemoryStore instance of redis using aioredis. I can successfully connect using the synchronous redis library, but when trying to connect via aioredis I get a ConnectionError, which is really just a wrapper for an OSError. MemoryStore requires an SSL connection and provides a block of server CA certificates when you create the instance. Here is the code I use to connect (successfully) to the instance using the synchronous redis library:

import os
import redis

conn = redis.Redis(
    host=os.getenv("REDIS_HOST"),
    port=os.getenv("REDIS_PORT"),
    password=os.getenv("REDIS_AUTH_STRING"),
    ssl=True,
    ssl_ca_data=os.getenv("REDIS_SERVER_CA_CERTS")
)

That works. I can issue commands like GET and SET, and so on. So I tried to migrate this same code to using aioredis instead.

To Reproduce

Unfortunately, I run into trouble as soon as I try and translate that into aioredis. Here's the code I've been trying to use:

import aioredis
import os

conn = aioredis.SSLConnection(
    host=os.getenv("REDIS_HOST"),
    port=os.getenv("REDIS_PORT"),
    password=os.getenv("REDIS_AUTH_STRING"),
    ssl_ca_certs=os.getenv("REDIS_SERVER_CA_CERTS")
)

Expected behavior

I would expect that I would be able to utilize that connection object. However, when I run await conn.connect() I get the following traceback.

Logs/tracebacks

>>> await conn.connect()
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/aioredis/connection.py", line 692, in connect
    await self._connect()
  File "/usr/local/lib/python3.9/site-packages/aioredis/connection.py", line 722, in _connect
    ssl=self.ssl_context.get() if self.ssl_context else None,
  File "/usr/local/lib/python3.9/site-packages/aioredis/connection.py", line 1083, in get
    context.load_verify_locations(self.ca_certs)
OSError: [Errno 36] File name too long

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/concurrent/futures/_base.py", line 440, in result
    return self.__get_result()
  File "/usr/local/lib/python3.9/concurrent/futures/_base.py", line 389, in __get_result
    raise self._exception
  File "<console>", line 1, in <module>
  File "/usr/local/lib/python3.9/site-packages/aioredis/connection.py", line 698, in connect
    raise ConnectionError(self._error_message(e))
aioredis.exceptions.ConnectionError: Error 36 connecting to 10.170.56.27:6378. 36.

Python Version

$ python --version
Python 3.9.1

aioredis Version

$ python -m pip show aioredis
Name: aioredis
Version: 2.0.1
Summary: asyncio (PEP 3156) Redis support
Home-page: https://github.com/aio-libs/aioredis-py
Author: None
Author-email: None
License: MIT
Location: /usr/local/lib/python3.9/site-packages
Requires: typing-extensions, async-timeout
Required-by:


I think I figured it out. I have the whole CA certificate set as an environment variable (i.e. starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----), but it seems the SSLConnection class doesn't expect this to be a string, but rather a file. So if I dump that env var into a file and then pass in the path of that file as the ssl_ca_certs parameter, it works. I'll close my own issue.
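
The workaround described in the comment above, as an added example (not code from the issue author or from aioredis): it reproduces the failure of handing PEM text to a path-based API, then writes the text to an owner-only file whose path can be passed as ssl_ca_certs. The helper names and the PEM-shaped sample are constructed for illustration.

```python
import os
import ssl
import stat
import tempfile

PEM_MARKER = "-----BEGIN CERTIFICATE-----"

# Constructed sample: PEM-shaped text, not a real certificate. It only needs to
# be long enough to behave like a multi-certificate CA bundle held in a variable.
CONSTRUCTED_PEM = "\n".join(
    [PEM_MARKER] + ["A" * 64] * 80 + ["-----END CERTIFICATE-----", ""]
)


def try_as_path(value):
    """Reproduce the failure: hand PEM text to an API that expects a file path."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=value)
    except OSError as exc:  # the issue's traceback shows Errno 36 at this call
        return exc
    return None


def ca_path_from_value(value):
    """Return a path suitable for a file-based CA option such as ssl_ca_certs."""
    if not value:
        raise ValueError("no CA bundle configured")
    if PEM_MARKER not in value:
        if not os.path.isfile(value):
            raise FileNotFoundError(value)
        return value  # already a path to an existing file
    # mkstemp creates the file with mode 0600 under an unpredictable name, so
    # other local users cannot swap or edit the trust anchors.
    fd, path = tempfile.mkstemp(prefix="redis-ca-", suffix=".pem")
    with os.fdopen(fd, "w") as fh:
        fh.write(value)
    return path


def group_other_bits(path):
    """Permission bits granted to group and others (0 means owner-only)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077


if __name__ == "__main__":
    print("as path:", repr(try_as_path(CONSTRUCTED_PEM)))
    ca_file = ca_path_from_value(CONSTRUCTED_PEM)
    print("as file:", ca_file, oct(group_other_bits(ca_file)))
    os.unlink(ca_file)
```

The temporary file is not deleted automatically; remove it when the process no longer needs the connection.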