[BUG] AsyncRedis does not work with TLS enabled

Question

[BUG] AsyncRedis does not work with TLS enabled

jbrezina opened this issue 2 years ago · 5 comments

Describe the bug
We use sw::redis::AsyncRedis with TLS enabled and we get the following error:
Failed to initialize TLS connection: SSL_connect failed: No such file or directory
The same code works with sw::redis::Redis connection

To Reproduce

sw::redis::ConnectionOptions redisOptions;
redisOptions.host = "xxx.redis.cache.windows.net";
redisOptions.port = 6380;
redisOptions.password = "password";
redisOptions.keep_alive = true;
redisOptions.tls.enabled = true;
redisOptions.tls.sni = "xxx.redis.cache.windows.net";
redisOptions.tls.cacert = "wincert";

sw::redis::AsyncRedis redis(redisOptions);

try {
	auto result{ redis.ping().get() };
}
catch (const sw::redis::IoError& ioError) {
	ioError.what(); // Failed to initialize TLS connection: SSL_connect failed: No such file or directory
}

Expected behavior
TLS connection to be established and ping works without issues.

Environment:

OS: Windows 11
Compiler: MSVC
hiredis version: hiredis:x64-windows-static@1.1.0
redis-plus-plus version: redis-plus-plus_1.3.9_x64-windows-static
openssl_3.1.1_x64-windows-static
libuv_1.44.2_x64-windows-static

Additional context
AsyncConnection::_connect() initializes tls::secure_connection right after the connection with server is initialized (not established). I suppose the tls connection should be initialized after the connection with server is established in connect_callback (this way it works in my PoC with hiredis lib only).

hiredis README mentions this too:
Hiredis implements SSL/TLS on top of its normal redisContext or redisAsyncContext, so you will need to establish a connection first and then initiate an SSL/TLS handshake.

Answer 1 · 2023-06-23T13:38:41.000Z

what I would suggest is to:

move the code for tls::secure_connection and _tls_ctx from _connect() to new _tls_handshake() function,
invoke _tls_handshake() as first in _connecting_callback(), it is synchronous so there is no need for another callback

Answer 2 · 2023-06-30T08:47:16.000Z

Are you gonna do new release @sewenew please?

Answer 3 · 2023-07-03T02:06:15.000Z

OK, I'll make a new release this week. Not sure if I can add some more commits to the new release. I'll let you know, when I'm done.

Regards

Answer 4 · 2023-07-09T15:37:05.000Z

@jbrezina I've published a new release to include this fix.

Regards

Answer 5 · 2023-07-10T04:36:54.000Z

Thank you very much