Restored TLS CI tests

.github/workflows/ci.yml

@@ -29,7 +29,7 @@ jobs:
       CMAKE_BUILD_PARALLEL_LEVEL: 4
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Setup Boost
       run: python3 tools/ci.py setup-boost --source-dir=$(pwd)
@@ -106,7 +106,7 @@ jobs:
       OPENSSL_ROOT: "C:\\Program Files\\OpenSSL"
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Setup user-config.jam
       run: cp tools/user-config.jam "${HOMEDRIVE}${HOMEPATH}/"
@@ -134,55 +134,48 @@ jobs:
           - toolset: gcc-11
             install: g++-11
             os: ubuntu-latest
-            container: ubuntu:22.04
             cxxstd: '17'
             build-type: 'Debug'
             ldflags: ''
 
           - toolset: gcc-11
             install: g++-11
             os: ubuntu-latest
-            container: ubuntu:22.04
             cxxstd: '20'
             build-type: 'Release'
             ldflags: ''
 
           - toolset: clang-11
             install: clang-11
             os: ubuntu-latest
-            container: ubuntu:22.04
             cxxstd: '17'
             build-type: 'Debug'
             ldflags: ''
 
           - toolset: clang-11
             install: clang-11
             os: ubuntu-latest
-            container: ubuntu:22.04
             cxxstd: '20'
             build-type: 'Debug'
             ldflags: ''
 
           - toolset: clang-13
             install: clang-13
             os: ubuntu-latest
-            container: ubuntu:22.04
             cxxstd: '17'
             build-type: 'Release'
             ldflags: ''
 
           - toolset: clang-13
             install: clang-13
             os: ubuntu-latest
-            container: ubuntu:22.04
             cxxstd: '20'
             build-type: 'Release'
             ldflags: ''
 
           - toolset: clang-14
             install: 'clang-14 libc++-14-dev libc++abi-14-dev'
             os: ubuntu-latest
-            container: ubuntu:22.04
             cxxstd: '17'
             build-type: 'Debug'
             cxxflags: '-stdlib=libc++'
@@ -191,83 +184,83 @@ jobs:
           - toolset: clang-14
             install: 'clang-14 libc++-14-dev libc++abi-14-dev'
             os: ubuntu-latest
-            container: ubuntu:22.04
             cxxstd: '20'
             build-type: 'Release'
             cxxflags: '-stdlib=libc++'
             ldflags: '-lc++'
 
     runs-on: ${{ matrix.os }}
-    container: ${{matrix.container}}
     env:
       CXXFLAGS: ${{matrix.cxxflags}} -Wall -Wextra
       LDFLAGS:  ${{matrix.ldflags}}
       CMAKE_BUILD_PARALLEL_LEVEL: 4
-      BOOST_REDIS_TEST_SERVER: redis
-
-    services:
-      redis:
-        image: redis
-
+
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
-
-    - name: Setup container environment
-      if: matrix.container
+      uses: actions/checkout@v4
+
+    - name: Set up the required containers
       run: |
-        apt-get update
-        apt-get -y install sudo python3 git g++ libssl-dev protobuf-compiler redis-server
-
+        docker compose -f tools/docker-compose.yml up -d --wait || (docker compose logs; exit 1)
+
     - name: Install dependencies
       run: |
-        sudo apt-get update
-        sudo apt-get -y install cmake protobuf-compiler redis-server python3 ${{ matrix.install }}
+        docker exec builder apt-get update
+        docker exec builder apt-get -y --no-install-recommends install \
+          git \
+          g++ \
+          libssl-dev \
+          make \
+          ca-certificates \
+          cmake \
+          protobuf-compiler \
+          python3 \
+          ${{ matrix.install }}
 
     - name: Setup Boost
-      run: ./tools/ci.py setup-boost --source-dir=$(pwd)
+      run: docker exec builder /boost-redis/tools/ci.py setup-boost --source-dir=/boost-redis
 
     - name: Build a Boost distribution using B2
       run: |
-        ./tools/ci.py build-b2-distro \
+        docker exec builder /boost-redis/tools/ci.py build-b2-distro \
           --toolset ${{ matrix.toolset }}
 
     - name: Build a Boost distribution using CMake
       run: |
-        ./tools/ci.py build-cmake-distro \
+        docker exec builder /boost-redis/tools/ci.py build-cmake-distro \
           --build-type ${{ matrix.build-type }} \
           --cxxstd ${{ matrix.cxxstd }} \
           --toolset ${{ matrix.toolset }}
 
     - name: Build the project tests
       run: |
-        ./tools/ci.py build-cmake-standalone-tests \
+        docker exec builder /boost-redis/tools/ci.py build-cmake-standalone-tests \
           --build-type ${{ matrix.build-type }} \
           --cxxstd ${{ matrix.cxxstd }} \
           --toolset ${{ matrix.toolset }}
 
     - name: Run the project tests
       run: |
-        ./tools/ci.py run-cmake-standalone-tests \
+        docker exec builder /boost-redis/tools/ci.py run-cmake-standalone-tests \
           --build-type ${{ matrix.build-type }}
 
     - name: Run add_subdirectory tests
       run: |
-        ./tools/ci.py run-cmake-add-subdirectory-tests \
+        docker exec builder /boost-redis/tools/ci.py run-cmake-add-subdirectory-tests \
           --build-type ${{ matrix.build-type }} \
           --cxxstd ${{ matrix.cxxstd }} \
           --toolset ${{ matrix.toolset }}
 
     - name: Run find_package tests with the built cmake distribution
       run: |
-        ./tools/ci.py run-cmake-find-package-tests \
+        docker exec builder /boost-redis/tools/ci.py run-cmake-find-package-tests \
           --build-type ${{ matrix.build-type }} \
           --cxxstd ${{ matrix.cxxstd }} \
           --toolset ${{ matrix.toolset }}
 
     - name: Run find_package tests with the built b2 distribution
       run: |
-        ./tools/ci.py run-cmake-b2-find-package-tests \
+        docker exec builder /boost-redis/tools/ci.py run-cmake-b2-find-package-tests \
           --build-type ${{ matrix.build-type }} \
           --cxxstd ${{ matrix.cxxstd }} \
           --toolset ${{ matrix.toolset }}
@@ -296,7 +289,7 @@ jobs:
     container: ${{matrix.container}}
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Setup container environment
       if: matrix.container

include/boost/redis/detail/connection_base.hpp

@@ -113,7 +113,7 @@ struct exec_op {
    asio::coroutine coro{};
 
    template <class Self>
-   void operator()(Self& self , system::error_code ec = {}, std::size_t = 0)
+   void operator()(Self& self , system::error_code = {}, std::size_t = 0)
    {
       BOOST_ASIO_CORO_REENTER (coro)
       {

test/CMakeLists.txt

@@ -30,8 +30,7 @@ macro(make_test TEST_NAME STANDARD)
 endmacro()
 
 make_test(test_conn_quit 17)
-# TODO: Configure a Redis server with TLS in the CI and reenable this test.
-#make_test(test_conn_tls 17)
+make_test(test_conn_tls 17)
 make_test(test_low_level 17)
 make_test(test_conn_exec_retry 17)
 make_test(test_conn_exec_error 17)

test/common.cpp

@@ -29,7 +29,7 @@ run(
    conn->async_run(cfg, {l}, run_callback{conn, op, ec});
 }
 
-std::string safe_getenv(const char* name, const char* default_value)
+static std::string safe_getenv(const char* name, const char* default_value)
 {
     // MSVC doesn't like getenv
 #ifdef BOOST_MSVC
@@ -43,10 +43,15 @@ std::string safe_getenv(const char* name, const char* default_value)
     return res ? res : default_value;
 }
 
+std::string get_server_hostname()
+{
+   return safe_getenv("BOOST_REDIS_TEST_SERVER", "localhost");
+}
+
 boost::redis::config make_test_config()
 {
    boost::redis::config cfg;
-   cfg.addr.host = safe_getenv("BOOST_REDIS_TEST_SERVER", "localhost");
+   cfg.addr.host = get_server_hostname();
    return cfg;
 }
 

test/common.hpp

@@ -16,6 +16,7 @@ auto start(boost::asio::awaitable<void> op) -> int;
 #endif // BOOST_ASIO_HAS_CO_AWAIT
 
 boost::redis::config make_test_config();
+std::string get_server_hostname();
 
 void
 run(

test/test_conn_tls.cpp

@@ -4,10 +4,11 @@
  * accompanying file LICENSE.txt)
  */
 
+#include <boost/asio/ssl/host_name_verification.hpp>
+#include <boost/system/error_code.hpp>
 #include <boost/redis/connection.hpp>
 #define BOOST_TEST_MODULE conn-tls
 #include <boost/test/included/unit_test.hpp>
-#include <iostream>
 #include "common.hpp"
 
 namespace net = boost::asio;
@@ -16,24 +17,49 @@ using connection = boost::redis::connection;
 using boost::redis::request;
 using boost::redis::response;
 using boost::redis::config;
-using boost::redis::operation;
 using boost::system::error_code;
 
-bool verify_certificate(bool, net::ssl::verify_context&)
-{
-   std::cout << "set_verify_callback" << std::endl;
-   return true;
-}
-
-config make_tls_config()
+// CA certificate that signed the test server's certificate.
+// This is a self-signed CA created for testing purposes.
+// This must match tools/tls/ca.crt contents
+static constexpr const char* ca_certificate = R"%(-----BEGIN CERTIFICATE-----
+MIIFSzCCAzOgAwIBAgIUNd7VUuGK4+ylzCOrmeckg2+TqX8wDQYJKoZIhvcNAQEL
+BQAwNTETMBEGA1UECgwKUmVkaXMgVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUg
+QXV0aG9yaXR5MB4XDTI0MDMzMTE0MjUyM1oXDTM0MDMyOTE0MjUyM1owNTETMBEG
+A1UECgwKUmVkaXMgVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5AMV5V66wt+MM4+oCzH0
+xPi++j23p8AOa0o3dxNd4tm5y++gAdKfoxj7oh32ZuYHA5V+sGNEalN/b3GlKXMm
+ThdVPSwqOQduny19wrb126ZeQXCfqwgSZQ+rgzaIYpw8/GRRuLDunmsdaR2eiptp
+dbv6g6P/aIF6P9mfuekwCC9KBCV6ftqOEnzulNLVw4JjY0rKB9NZqONKVMfWpNyC
+zJLCkGmza7BOpybhloZIxGJz033yCjDvIQr9GUWsA5rU9LdUiL+F1W0pWkIel1qo
+Evo0EIl3+EOcSSzETI7NPHgnSzNau39ZShV4UBj2lw0DWeNcobeMBQ8ItmqEU6V0
+gCEqfUnt10bGIDdmV3D5FKPgvhFvEjQULnblLeLDQ6XDFf+xbGEVjvTzVkLjvyKm
+H2D+SKw2O+eDU/0+xhpAf+QsWlm6pmvKWjXI5wK1rh2yssBK2pmY3LuuZCdGrvXb
+KX4j/4S9qMr43Hmyoyz0gE5I5rplqot8TvT9O/JsgQYd9fYSvdB+HbqAlJzpBZFl
+xbVBXxl0AlDFwQtNMX5ylEQPvYVDKA1M+DTqRTgQKctTfccwvovY3YMV7m5YoODZ
+ya2YSBRfQim6VsC+QPYs7p2dk1larIoMMaTaU02oMY+qT2d/eyhWKBv5W9LuowTQ
+bWa3ZhWN8lXriPgJOQnZ6iUCAwEAAaNTMFEwHQYDVR0OBBYEFCpEPlClLrgu1zFN
+Fmas5G4ybNRJMB8GA1UdIwQYMBaAFCpEPlClLrgu1zFNFmas5G4ybNRJMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAFLl1NZHp0NT5Av4GKmsJFeI
+cJOgcIygjR4SBGDAxyPqVpZk0x1q64gJsfOe1ARyI4olQPqO08FZMeB+VBYuqR3S
+fEVQZz2FT5U7IVAEZwWHOcWkrrVpEZC6PZktYJ7Yqju6+ic93inoPrHhGNZ5XA/Y
+GSfwriWkyWm2SOk35ChFH67MbPWmve8CRAXRmrOCByXwXF87wdqVYZUvH9xDe6WU
+snFWXVHr2NA7Re8ZIGp7yJOwwW+CZagepNCPUDwnI0fWOahtOTzonIjq8bfgTZPx
+2e7lBuAr9tVMpoeyUytVOlNJDojZAtKOpfMwhAG8ydhk+78aK07VVbnSYVhv7ctU
+kkkldqP/S3lBlWo44oOxenwLc9vDQNh64py7eQTD7Qv+TjqAG0ljHIDbVqlkQsgR
+pQsu7keG9O1xASSTLZVZN2/alNewpqE/eFRfPM3mtUiTiIZvSxiQnWQMbKofAZH5
+HwhVli4RKWRWPqpof4GFNkB8XwfBE+gdlFuWtyg0oRyV3sJ6Zn7E+lUpbQX4CFx3
+97vekaFNBchNYMcP3TZ9LwxTx1xOWZ5HHrHyzASG3uz2rqwAsEmdRbmK03KfEQyQ
+YpNY718btZ1D6lLino9VMgzaPhUs79bHC64O4ncl7hRclK9qa3KLQdCG1cbIR7G0
+2XVYrfsnPHX0CsPDIy7L
+-----END CERTIFICATE-----)%";
+
+static config make_tls_config()
 {
    config cfg;
    cfg.use_ssl = true;
-   cfg.username = "aedis";
-   cfg.password = "aedis";
-   cfg.addr.host = "db.occase.de";
+   cfg.addr.host = get_server_hostname();
    cfg.addr.port = "6380";
-   //cfg.health_check_interval = std::chrono::seconds{0};
    return cfg;
 }
 
@@ -49,11 +75,13 @@ BOOST_AUTO_TEST_CASE(ping_internal_ssl_context)
 
    net::io_context ioc;
    connection conn{ioc};
-   conn.next_layer().set_verify_mode(net::ssl::verify_peer);
-   conn.next_layer().set_verify_callback(verify_certificate);
 
-   conn.async_exec(req, resp, [&](auto ec, auto) {
-      BOOST_TEST(!ec);
+   // The custom server uses a certificate signed by a CA
+   // that is not trusted by default - skip verification.
+   conn.next_layer().set_verify_mode(net::ssl::verify_none);
+
+   conn.async_exec(req, resp, [&](error_code ec, auto) {
+      BOOST_TEST(ec == std::error_code());
       conn.cancel();
    });
 
@@ -76,12 +104,17 @@ BOOST_AUTO_TEST_CASE(ping_custom_ssl_context)
 
    net::io_context ioc;
    net::ssl::context ctx{boost::asio::ssl::context::tls_client};
+
+   // Configure the SSL context to trust the CA that signed the server's certificate.
+   // The test certificate uses "redis" as its common name, regardless of the actual server's hostname
+   ctx.add_certificate_authority(net::const_buffer(ca_certificate, std::strlen(ca_certificate)));
+   ctx.set_verify_mode(net::ssl::verify_peer);
+   ctx.set_verify_callback(net::ssl::host_name_verification("redis"));
+
    connection conn{ioc, std::move(ctx)};
-   conn.next_layer().set_verify_mode(net::ssl::verify_peer);
-   conn.next_layer().set_verify_callback(verify_certificate);
 
    conn.async_exec(req, resp, [&](auto ec, auto) {
-      BOOST_TEST(!ec);
+      BOOST_TEST(ec == std::error_code());
       conn.cancel();
    });
 
@@ -91,38 +124,3 @@ BOOST_AUTO_TEST_CASE(ping_custom_ssl_context)
 
    BOOST_CHECK_EQUAL(in, std::get<0>(resp).value());
 }
-
-BOOST_AUTO_TEST_CASE(acl_does_not_allow_select)
-{
-   auto cfg = make_tls_config();
-   cfg.database_index = 22;
-   cfg.reconnect_wait_interval = std::chrono::seconds::zero();
-
-   std::string const in = "Kabuf";
-
-   request req;
-   req.push("PING", in);
-
-   response<std::string> resp;
-
-   net::io_context ioc;
-   connection conn{ioc};
-   conn.next_layer().set_verify_mode(net::ssl::verify_peer);
-   conn.next_layer().set_verify_callback(verify_certificate);
-
-   conn.async_exec(req, resp, [&](auto, auto) {
-      // TODO: We should not need this cancel here because
-      // reconnect was disabled.
-      conn.cancel();
-   });
-
-
-   error_code ec2;
-   conn.async_run(cfg, {}, [&](auto ec) {
-      ec2 = ec;
-   });
-
-   ioc.run();
-
-   BOOST_TEST(!!ec2);
-}