alisaifee/limits

ssl_cert_reqs="required" is not allowing me to connect to Redis

karaburmication opened this issue · 2 comments

I'm trying to implement flask-limiter with Redis 6.

If I use storage_uri without ssl (redis://:p51cd36bc3ea1.........), I'm getting this error:
redis.exceptions.ConnectionError: Error while reading from ec2-.........compute-1.amazonaws.com:29940 : (10054, 'An existing connection was forcibly closed by the remote host', None, 10054, None)

It seems like TLS is mandatory in Redis 6 (unfortunately, I'm not able to downgrade)

If I use storage_uri with ssl (rediss://:p51cd36bc3ea1.........), I'm getting another error:
redis.exceptions.ConnectionError: Error 1 connecting to ec2-............compute-1.amazonaws.com:29940. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123).

I am able to connect to Redis and update keys/values with this code:

url = urlparse(os.environ.get("REDIS_URL"))
r = redis.Redis(host=str(url.hostname), port=url.port, username=url.username, password=url.password, ssl=True, ssl_cert_reqs=None)

r.set('Key', value, ex=86400)

Is there a way to make flask-limiter use the same method for connecting?

Finally, if I change ssl_cert_reqs="required" to ssl_cert_reqs="none" in class SSLConnection(Connection) (under site-packages\redis\connection.py), everything works, but I guess this is not a good solution as I don't want to change source files.

I can't quickly test this out but if you use rediss://:p51.....?ssl_cert_reqs=none does that work? Flask-Limiter simply passes the storage uri to limits which in turn passed it on to Redis.from_url which from the looks of the code should work.

Since this was also raised in alisaifee/flask-limiter#353 I'll close this one.