redict/src/cli_common.h

#ifndef __CLICOMMON_H
#define __CLICOMMON_H

#include <hiredis.h>

typedef struct cliSSLconfig {
    /* Requested SNI, or NULL */
    char *sni;
    /* CA Certificate file, or NULL */
    char *cacert;
    /* Directory where trusted CA certificates are stored, or NULL */
    char *cacertdir;
    /* Skip server certificate verification. */
    int skip_cert_verify;
    /* Client certificate to authenticate with, or NULL */
    char *cert;
    /* Private key file to authenticate with, or NULL */
    char *key;
    /* Prefered cipher list, or NULL (applies only to <= TLSv1.2) */
    char* ciphers;
    /* Prefered ciphersuites list, or NULL (applies only to TLSv1.3) */
    char* ciphersuites;
} cliSSLconfig;

/* Wrapper around redisSecureConnection to avoid hiredis_ssl dependencies if
 * not building with TLS support.
 */
int cliSecureConnection(redisContext *c, cliSSLconfig config, const char **err);

/* Wrapper around hiredis to allow arbitrary reads and writes.
 *
 * We piggybacks on top of hiredis to achieve transparent TLS support,
 * and use its internal buffers so it can co-exist with commands
 * previously/later issued on the connection.
 *
 * Interface is close to enough to read()/write() so things should mostly
 * work transparently.
 */

/* Write a raw buffer through a redisContext. If we already have something
 * in the buffer (leftovers from hiredis operations) it will be written
 * as well.
 */
ssize_t cliWriteConn(redisContext *c, const char *buf, size_t buf_len);

/* Wrapper around OpenSSL (libssl and libcrypto) initialisation.
 */
int cliSecureInit();

#endif /* __CLICOMMON_H */
TLS Support for redis-benchmark (#7959) 2020-10-28 02:00:54 -04:00			`#ifndef __CLICOMMON_H`
			`#define __CLICOMMON_H`

			`#include <hiredis.h>`

			`typedef struct cliSSLconfig {`
			`/* Requested SNI, or NULL */`
			`char *sni;`
			`/* CA Certificate file, or NULL */`
			`char *cacert;`
			`/* Directory where trusted CA certificates are stored, or NULL */`
			`char *cacertdir;`
Add --insecure option to command line tools. (#8416) Disable certificate validation, making it possible to connect to servers without configuring full trust chain. The use of this option is insecure and makes the connection vulnerable to man in the middle attacks. 2021-02-07 05:36:56 -05:00			`/* Skip server certificate verification. */`
			`int skip_cert_verify;`
TLS Support for redis-benchmark (#7959) 2020-10-28 02:00:54 -04:00			`/* Client certificate to authenticate with, or NULL */`
			`char *cert;`
			`/* Private key file to authenticate with, or NULL */`
			`char *key;`
Enable specifying TLS ciphers(suites) in redis-cli/redis-benchmark (#8005) Enable specifying the preferred ciphers and/or ciphersuites for redis-cli/redis-benchmark. Co-authored-by: Yossi Gottlieb <yossigo@gmail.com> 2020-11-04 07:49:15 -05:00			`/* Prefered cipher list, or NULL (applies only to <= TLSv1.2) */`
			`char* ciphers;`
			`/* Prefered ciphersuites list, or NULL (applies only to TLSv1.3) */`
			`char* ciphersuites;`
TLS Support for redis-benchmark (#7959) 2020-10-28 02:00:54 -04:00			`} cliSSLconfig;`

			`/* Wrapper around redisSecureConnection to avoid hiredis_ssl dependencies if`
			`* not building with TLS support.`
			`*/`
			`int cliSecureConnection(redisContext c, cliSSLconfig config, const char *err);`

			`/* Wrapper around hiredis to allow arbitrary reads and writes.`
			`*`
			`* We piggybacks on top of hiredis to achieve transparent TLS support,`
			`* and use its internal buffers so it can co-exist with commands`
			`* previously/later issued on the connection.`
			`*`
			`* Interface is close to enough to read()/write() so things should mostly`
			`* work transparently.`
			`*/`

			`/* Write a raw buffer through a redisContext. If we already have something`
			`* in the buffer (leftovers from hiredis operations) it will be written`
			`* as well.`
			`*/`
			`ssize_t cliWriteConn(redisContext c, const char buf, size_t buf_len);`

			`/* Wrapper around OpenSSL (libssl and libcrypto) initialisation.`
			`*/`
			`int cliSecureInit();`

			`#endif /* __CLICOMMON_H */`