redict/src/cli_common.h
Yossi Gottlieb be83bb13a8
Add --insecure option to command line tools. (#8416)
Disable certificate validation, making it possible to connect to servers
without configuring a full trust chain.

The use of this option is insecure and makes the connection vulnerable
to man-in-the-middle attacks.
2021-02-07 12:36:56 +02:00


#ifndef __CLICOMMON_H
#define __CLICOMMON_H
#include <hiredis.h>
/* TLS options passed (by value) to cliSecureConnection().
 *
 * Every pointer member is documented as optional: NULL means "not set".
 * NOTE(review): this header does not show who owns the strings or how long
 * they must stay valid; confirm against the code that fills the struct.
 */
typedef struct cliSSLconfig {
/* Requested SNI, or NULL */
char *sni;
/* CA Certificate file, or NULL */
char *cacert;
/* Directory where trusted CA certificates are stored, or NULL */
char *cacertdir;
/* Skip server certificate verification.
 *
 * Security: with verification skipped the server is not authenticated, so
 * an on-path attacker can impersonate it and read or alter the traffic even
 * though the link is still encrypted. Presumably set by the --insecure
 * command line option (confirm in the option parser). Prefer setting cacert
 * or cacertdir to establish trust, and treat a non-zero value here as a
 * diagnostic-only setting. */
int skip_cert_verify;
/* Client certificate to authenticate with, or NULL */
char *cert;
/* Private key file to authenticate with, or NULL */
char *key;
/* Preferred cipher list, or NULL (applies only to <= TLSv1.2) */
char* ciphers;
/* Preferred ciphersuites list, or NULL (applies only to TLSv1.3) */
char* ciphersuites;
} cliSSLconfig;
/* Wrapper around redisSecureConnection to avoid hiredis_ssl dependencies if
 * not building with TLS support.
 *
 * c      - hiredis connection context.
 * config - TLS options, passed by value (see cliSSLconfig).
 * err    - out-parameter for an error description; presumably set on
 *          failure and, given the const qualifier, not to be freed by the
 *          caller (confirm in the implementation).
 *
 * NOTE(review): the return convention is not visible in this header; check
 * the implementation and always test the result before sending data on c.
 *
 * Security: config.skip_cert_verify is documented as skipping server
 * certificate verification. Callers should leave it 0 unless the user asked
 * for an unauthenticated connection explicitly.
 */
int cliSecureConnection(redisContext *c, cliSSLconfig config, const char **err);
/* Wrapper around hiredis to allow arbitrary reads and writes.
*
* We piggyback on top of hiredis to achieve transparent TLS support,
* and use its internal buffers so it can co-exist with commands
* previously/later issued on the connection.
*
* The interface is close enough to read()/write() that things should mostly
* work transparently.
*/
/* Write a raw buffer through a redisContext. If we already have something
 * in the buffer (leftovers from hiredis operations) it will be written
 * as well.
 *
 * c       - hiredis connection context to write through.
 * buf     - bytes to send; not modified (const).
 * buf_len - number of bytes in buf.
 *
 * NOTE(review): the return value presumably follows write() semantics
 * (bytes written, or a negative value on error), since the interface is
 * described as close to read()/write(). Confirm in the implementation, and
 * have callers handle both errors and short writes.
 */
ssize_t cliWriteConn(redisContext *c, const char *buf, size_t buf_len);
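/* Wrapper around OpenSSL (libssl and libcrypto) initialisation.
 *
 * Takes no arguments. Declared with (void) so that this is a real prototype:
 * before C23 an empty parameter list leaves the arguments unspecified, and
 * the compiler would accept a call that passes arguments by mistake.
 *
 * NOTE(review): the return convention is not visible in this header; confirm
 * against the implementation and check the result before opening any TLS
 * connection.
 */
int cliSecureInit(void);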
#endif /* __CLICOMMON_H */