-
Notifications
You must be signed in to change notification settings - Fork 986
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS setup fails to a master reported by sentinel #1209
Comments
mp911de
added a commit
that referenced
this issue
Jan 15, 2020
Lettuce now uses the InetSocketAddress.hostString to verify the SSL host and for SNI instead of using the RedisURI. When using Redis Sentinel, the URI host was null and the port was zero which caused failures during the SSL handshake.
mp911de
added a commit
that referenced
this issue
Jan 15, 2020
mp911de
added a commit
that referenced
this issue
Jan 15, 2020
mp911de
added a commit
that referenced
this issue
Jan 15, 2020
Lettuce now uses the InetSocketAddress.hostString to verify the SSL host and for SNI instead of using the RedisURI. When using Redis Sentinel, the URI host was null and the port was zero which caused failures during the SSL handshake.
mp911de
added a commit
that referenced
this issue
Jan 15, 2020
mp911de
added a commit
that referenced
this issue
Jan 15, 2020
Lettuce now uses the InetSocketAddress.hostString to verify the SSL host and for SNI instead of using the RedisURI. When using Redis Sentinel, the URI host was null and the port was zero which caused failures during the SSL handshake.
mp911de
added a commit
that referenced
this issue
Jan 15, 2020
mp911de
added a commit
that referenced
this issue
Jan 15, 2020
That's fixed and available now in the most recent snapshot build for |
Thank you for the fast turnaround. Amazing. |
Looks good
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug Report
Lettuce Core cannot establish TLS with a master reported by sentinel, even though Lettuce Core can establish TLS with sentinel itself.
Current Behavior
Test code throws this exception when setting up TLS to the master
Sentinel and master are running at IP:26380 and IP:6380, respectively. In front of sentinel is a Layer 4 proxy terminating TLS at IP:26381, which forwards TCP to port 26380. In front of the master is another Layer 4 proxy terminating TLS at IP:6381, which forwards TCP to port 6380.
Lettuce Core succeeds in establishing TLS with the sentinel. From sentinel, it learns the master IP:6380, then with a
MappingSocketAddressResolver
, maps the master to IP:6381. TLS setup at the master proxy IP:6381 fails per the stack trace.Input Code
Expected behavior/code
Master TLS setup should succeed as Sentinel TLS setup succeeds.
Environment
Possible Solution
Unknown
Additional context
N/A
The text was updated successfully, but these errors were encountered: