@moticless moticless commented Dec 9, 2025

Key Features

  • TLS/SSL connections with server certificate verification
  • Mutual TLS authentication with client certificates
  • Flexible configuration: CA certs, custom ciphers, SNI support
  • New API: RdbxSSLConfig structure for TLS configuration
  • CLI support: Added --tls, --cacert, --cert, --key, and related flags
  • Build flag: BUILD_TLS=yes to enable (optional, backward compatible)
  • Enhanced hostname resolution (IPv4/IPv6 support)
  • Cheerful colors for runtests

Implementation Highlights

  • Extended RDBX_createRespToRedisTcp() with optional SSL config parameter
  • SSL wrapper around socket I/O operations
  • New error codes for TLS-specific failures
  • Comprehensive test suite (test_rdb_to_redis_tls.c)
  • Automated cert generation for testing
  • CI/CD integration

Closes: #39, #59

Redis 5.0 doesn't support TLS (added in 6.0), causing CI failures
with 'Bad directive' error for tls-port configuration.

MSG_NOSIGNAL is Linux-specific and not available on macOS/BSD.
- Define MSG_NOSIGNAL as 0 on platforms that don't support it
- Use SO_NOSIGPIPE socket option on macOS/BSD to prevent SIGPIPE

This fixes the compilation error on macOS:
  error: use of undeclared identifier 'MSG_NOSIGNAL'

On macOS, OpenSSL installed via Homebrew is in a non-standard location,
causing compilation failures when BUILD_TLS=yes:
  fatal error: 'openssl/ssl.h' file not found

Changes:
- CI: Install OpenSSL via brew when TLS is enabled on macOS
- Makefiles: Auto-detect OpenSSL in Homebrew locations
  - Checks /opt/homebrew/opt/openssl (Apple Silicon)
  - Checks /usr/local/opt/openssl (Intel)
  - Adds appropriate -I and -L flags when found
- Updated: src/ext/Makefile, src/cli/Makefile, examples/Makefile

This follows the same pattern used by the hiredis dependency.

@moticless moticless merged commit 83b7852 into redis:main Dec 10, 2025
14 checks passed
@moticless moticless deleted the tls-support branch December 10, 2025 14:44
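
The SIGPIPE portability fix described in the MSG_NOSIGNAL commit message above, as an added example that is not code from this pull request. The helper names `suppress_sigpipe`, `send_nosig` and `write_to_closed_peer` are hypothetical, and the socketpair scenario is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Platforms without MSG_NOSIGNAL (macOS/BSD): make the flag a no-op. */
#ifndef MSG_NOSIGNAL
#define MSG_NOSIGNAL 0
#endif

/* Hypothetical helper: disable SIGPIPE per socket where SO_NOSIGPIPE exists. */
static int suppress_sigpipe(int fd) {
#ifdef SO_NOSIGPIPE
    int on = 1;
    return setsockopt(fd, SOL_SOCKET, SO_NOSIGPIPE, &on, sizeof(on));
#else
    (void)fd; /* Linux: MSG_NOSIGNAL on each send() covers this */
    return 0;
#endif
}

/* Hypothetical helper: a send() that reports a closed peer as an error
 * return instead of letting SIGPIPE terminate the process. */
static ssize_t send_nosig(int fd, const void *buf, size_t len) {
    return send(fd, buf, len, MSG_NOSIGNAL);
}

/* Constructed scenario: write to a socket whose peer has already closed.
 * Returns the writer's errno, 0 if the send succeeded, -1 on setup failure. */
int write_to_closed_peer(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (suppress_sigpipe(sv[0]) != 0) { close(sv[0]); close(sv[1]); return -1; }
    close(sv[1]); /* the peer goes away */
    errno = 0;
    ssize_t n = send_nosig(sv[0], "PING\r\n", 6);
    int err = (n < 0) ? errno : 0;
    close(sv[0]);
    return err;
}

int main(void) {
    int err = write_to_closed_peer();
    printf("send on closed peer -> errno %d (EPIPE is %d)\n", err, EPIPE);
    return err == EPIPE ? 0 : 1;
}
```

The process survives the write and sees EPIPE, so the caller can map it to a connection error rather than dying on the signal.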

Development

Successfully merging this pull request may close these issues.

Not support IPV6 address.