Merge branch 'unstable' into zset-dict-double

Signed-off-by: Rayacoo <[email protected]>

README.md

@@ -25,10 +25,18 @@ It is as simple as:
     % make
 
 To build with TLS support, you'll need OpenSSL development libraries (e.g.
-libssl-dev on Debian/Ubuntu) and run:
+libssl-dev on Debian/Ubuntu).
+
+To build TLS support as Valkey built-in:
 
     % make BUILD_TLS=yes
 
+TO build TLS as Valkey module:
+
+    % make BUILD_TLS=module
+
+Note that sentinel mode does not support TLS module.
+
 To build with experimental RDMA support you'll need RDMA development libraries
 (e.g. librdmacm-dev and libibverbs-dev on Debian/Ubuntu). For now, Valkey only
 supports RDMA as connection module mode. Run:
@@ -52,12 +60,16 @@ After building Valkey, it is a good idea to test it using:
 
     % make test
 
-If TLS is built, running the tests with TLS enabled (you will need `tcl-tls`
-installed):
+The above runs the main integration tests. Additional tests are started using:
 
-    % ./utils/gen-test-certs.sh
-    % ./runtest --tls
+    % make test-unit     # Unit tests
+    % make test-modules  # Tests of the module API
+    % make test-sentinel # Valkey Sentinel integration tests
+    % make test-cluster  # Valkey Cluster integration tests
 
+More about running the integration tests can be found in
+[tests/README.md](tests/README.md) and for unit tests, see
+[src/unit/README.md](src/unit/README.md).
 
 Fixing build problems with dependencies or cached build options
 ---------
@@ -156,8 +168,41 @@ line, with exactly the same name.
 Running Valkey with TLS:
 ------------------
 
-Please consult the [TLS.md](TLS.md) file for more information on
-how to use Valkey with TLS.
+### Running manually
+To manually run a Valkey server with TLS mode (assuming `./gen-test-certs.sh` was invoked so sample certificates/keys are available):
+
+* TLS built-in mode:
+    ```
+    ./src/valkey-server --tls-port 6379 --port 0 \
+        --tls-cert-file ./tests/tls/valkey.crt \
+        --tls-key-file ./tests/tls/valkey.key \
+        --tls-ca-cert-file ./tests/tls/ca.crt
+    ```
+
+* TLS module mode:
+    ```
+    ./src/valkey-server --tls-port 6379 --port 0 \
+        --tls-cert-file ./tests/tls/valkey.crt \
+        --tls-key-file ./tests/tls/valkey.key \
+        --tls-ca-cert-file ./tests/tls/ca.crt \
+        --loadmodule src/valkey-tls.so
+    ```
+
+Note that you can disable TCP by specifying `--port 0` explicitly.
+It's also possible to have both TCP and TLS available at the same time,
+but you'll have to assign different ports.
+
+Use `valkey-cli` to connect to the Valkey server:
+```
+./src/valkey-cli --tls \
+    --cert ./tests/tls/valkey.crt \
+    --key ./tests/tls/valkey.key \
+    --cacert ./tests/tls/ca.crt
+```
+
+Specifying `--tls-replication yes` makes a replica connect to the primary.
+
+Using `--tls-cluster yes` makes Valkey Cluster use TLS across nodes.
 
 Running Valkey with RDMA:
 ------------------

src/acl.c

@@ -2678,7 +2678,7 @@ void addACLLogEntry(client *c, int reason, int context, int argpos, sds username
     /* if we have a real client from the network, use it (could be missing on module timers) */
     client *realclient = server.current_client ? server.current_client : c;
 
-    le->cinfo = catClientInfoString(sdsempty(), realclient);
+    le->cinfo = catClientInfoString(sdsempty(), realclient, 0);
     le->context = context;
 
     /* Try to match this entry with past ones, to see if we can just

src/cluster.c

@@ -262,6 +262,8 @@ void restoreCommand(client *c) {
     if (ttl && !absttl) ttl += commandTimeSnapshot();
     if (ttl && checkAlreadyExpired(ttl)) {
         if (deleted) {
+            /* Here we don't use deleteExpiredKeyFromOverwriteAndPropagate because
+             * strictly speaking, the `delete` is triggered by the `replace`. */
             robj *aux = server.lazyfree_lazy_server_del ? shared.unlink : shared.del;
             rewriteClientCommandVector(c, 2, aux, key);
             signalModifiedKey(c, c->db, key);
@@ -748,7 +750,16 @@ int verifyClusterNodeId(const char *name, int length) {
 }
 
 int isValidAuxChar(int c) {
-    return isalnum(c) || (strchr("!#$%&()*+.:;<>?@[]^{|}~", c) == NULL);
+    /* Return true if the character is alphanumeric */
+    if (isalnum(c)) {
+        return 1;
+    }
+
+    /* List of invalid characters */
+    static const char *invalid_charset = "!#$%&()*+;<>?@[]^{|}~";
+
+    /* Return true if the character is NOT in the invalid charset */
+    return strchr(invalid_charset, c) == NULL;
 }
 
 int isValidAuxString(char *s, unsigned int length) {
@@ -820,6 +831,8 @@ void clusterCommandHelp(client *c) {
         "SLOTS",
         "    Return information about slots range mappings. Each range is made of:",
         "    start, end, primary and replicas IP addresses, ports and ids",
+        "SLOT-STATS",
+        "    Return an array of slot usage statistics for slots assigned to the current node.",
         "SHARDS",
         "    Return information about slot range mappings and the nodes associated with them.",
         NULL};