Add SslOptions #3980

sazzad16 · 2024-09-30T11:21:35Z

Similar to SslOptions in Lettuce library.

inspired by SslVerifyMode in Lettuce

atakavci

having a trust manager like this smells off. May be its because i am lack of context. What is the rationale ?

src/main/java/redis/clients/jedis/DefaultJedisClientConfig.java

src/main/java/redis/clients/jedis/SslOptions.java

src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java

src/main/java/redis/clients/jedis/SslHostnameVerifyMode.java

tishun · 2024-10-01T13:54:56Z

having a trust manager like this smells off. May be its because i am lack of context. What is the rationale ?

I have the same question. The motivation of the change is important in this case.

uglide · 2024-10-02T08:06:30Z

@tishun @atakavci This is an attempt to create a TLS config similar to what we have in Lettuce, as a more developer-friendly option compared to the current approach with SSLSocketFactory, etc.

sazzad16 · 2024-10-02T15:23:45Z

having a trust manager like this smells off. May be its because i am lack of context. What is the rationale ?

I have the same question. The motivation of the change is important in this case.

@tishun

Lettuce has similar support.
Users want insecurity.

tishun

I may not be getting the whole idea, so please excuse me if my comments are not making sense.

My current assumption is that we only want to be able to enable and disable hostname verification, as part of the SSL verification process.

src/main/java/redis/clients/jedis/DefaultJedisClientConfig.java

src/main/java/redis/clients/jedis/SslHostnameVerifyMode.java

src/main/java/redis/clients/jedis/SslOptions.java

to avoid confusion at this moment.

does this reduce confusion?

src/main/java/redis/clients/jedis/util/InsecureTrustManagerFactory.java

and INSECURE option (renamed from NONE) is added back in SslVerifyMode.

src/main/java/redis/clients/jedis/SslOptions.java

src/test/java/redis/clients/jedis/SSLOptionsJedisTest.java

in connectWithCustomHostNameVerifier() test

unlike Lettuce where it uses empty char array.

tishun

Awesome, LGTM!

src/main/java/redis/clients/jedis/SslOptions.java

src/main/java/redis/clients/jedis/SslVerifyMode.java

sazzad16 added 6 commits September 29, 2024 18:52

Add SslOptions from Lettuce library

23ef9c3

Add InsecureTrustManagerFactory from Netty library

375e1ca

Separate SSL socket creation in DefaultJedisSocketFactory

ed26f37

Add SslOptions in JedisClientConfig

382fd81

Add SslHostnameVerifyMode

363d493

inspired by SslVerifyMode in Lettuce

Allow system default key and trust managers and insecure trust manager

261bf30

sazzad16 added enhancement experimental labels Sep 30, 2024

fix jdoc

2ca615e

atakavci reviewed Oct 1, 2024

View reviewed changes

Address review comments

8da45c3

tishun reviewed Oct 1, 2024

View reviewed changes

src/main/java/redis/clients/jedis/SslHostnameVerifyMode.java Outdated Show resolved Hide resolved

tishun reviewed Oct 9, 2024

View reviewed changes

sazzad16 added 3 commits October 10, 2024 15:57

Revert back to verification mode names in Lettuce,

e9444d9

to avoid confusion at this moment.

Rename insecureTrust to noTruststoreVerification;

ae97c00

does this reduce confusion?

Merge branch 'master' into ssl-options

04fd034

ggivo reviewed Oct 12, 2024

View reviewed changes

src/main/java/redis/clients/jedis/util/InsecureTrustManagerFactory.java Outdated Show resolved Hide resolved

sazzad16 added 3 commits November 10, 2024 22:30

SslVerifyMode is renamed back

09fee5e

and INSECURE option (renamed from NONE) is added back in SslVerifyMode.

Merge branch 'master' into ssl-options

ea3a164

Remove InsecureTrustManagerFactory

499dfed

github-advanced-security bot found potential problems Nov 10, 2024

View reviewed changes

src/main/java/redis/clients/jedis/SslOptions.java Dismissed Show dismissed Hide dismissed

sazzad16 added 5 commits November 18, 2024 17:06

Disable ALL existing SSL tests

b196739

JedisTest with SslOptions

1566a2a

SSLACLJedisTest with SslOptions

06e2587

SSLOptionsJedisSentinelPoolTest with SslOptions

4b27241

SSLJedisClusterTest with SslOptions

caa0b34

github-advanced-security bot found potential problems Nov 18, 2024

View reviewed changes

src/test/java/redis/clients/jedis/SSLOptionsJedisTest.java Fixed Show fixed Hide fixed

minor update javadoc

46c031e

sazzad16 mentioned this pull request Nov 28, 2024

Add SslOptions with custom HostnameVerifier #4032

Closed

sazzad16 added 3 commits November 28, 2024 18:59

Allow manual HostnameVerifier with SslOptions

294cf25

Make test connectWithCustomHostNameVerifier() pass

ac1de9c

Better SslOptions with custom HostnameVerifier

9e60a8e

in connectWithCustomHostNameVerifier() test

sazzad16 mentioned this pull request Nov 28, 2024

Add SslOptions with Supplier of SSLParameters #4033

Closed

sazzad16 added 7 commits December 3, 2024 20:02

Shorten sslContextProtocol to sslProtocol

0129990

Use null as default password,

7e298bb

unlike Lettuce where it uses empty char array.

Make an accidental private truststore builder option public

fae11c0

Remove Lettuce comments

04ea192

Add JedisPooled tests

9709018

Use char array for password

8e1152c

Remove file license

5357b68

sazzad16 marked this pull request as ready for review December 17, 2024 17:49

sazzad16 requested review from a team, ggivo, atakavci, tishun and uglide December 17, 2024 18:47

tishun previously approved these changes Dec 18, 2024

View reviewed changes

Address code review

9d13917

sazzad16 dismissed tishun’s stale review via 9d13917 December 18, 2024 16:25

sazzad16 requested a review from tishun December 18, 2024 16:27

tishun previously approved these changes Dec 19, 2024

View reviewed changes

sazzad16 added the ready to merge label Dec 19, 2024

sazzad16 added 2 commits December 19, 2024 18:47

Merge branch 'master' into ssl-options

a49ffb1

Merge branch 'master' into ssl-options

7b06e34

sazzad16 dismissed tishun’s stale review via 7b06e34 December 24, 2024 07:32

sazzad16 added 2 commits December 24, 2024 13:46

Merge fix

8fbadc2

Deprecate helper methods in DefaultJedisClientConfig

25e65d3

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add SslOptions #3980

Add SslOptions #3980

sazzad16 commented Sep 30, 2024

atakavci left a comment

tishun commented Oct 1, 2024

uglide commented Oct 2, 2024

sazzad16 commented Oct 2, 2024

tishun left a comment

tishun left a comment

Add SslOptions #3980

Are you sure you want to change the base?

Add SslOptions #3980

Conversation

sazzad16 commented Sep 30, 2024

atakavci left a comment

Choose a reason for hiding this comment

tishun commented Oct 1, 2024

uglide commented Oct 2, 2024

sazzad16 commented Oct 2, 2024

tishun left a comment

Choose a reason for hiding this comment

tishun left a comment

Choose a reason for hiding this comment