diff --git a/.github/wordlist.txt b/.github/wordlist.txt index e9182855..c62a2332 100644 --- a/.github/wordlist.txt +++ b/.github/wordlist.txt @@ -86,7 +86,6 @@ Sanfilippo SHA sharding SONAME -SSL struct structs stunnel diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c4e08439..ab03fde5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,17 +16,17 @@ jobs: - name: Build using cmake env: - EXTRA_CMAKE_OPTS: -DENABLE_EXAMPLES:BOOL=ON -DENABLE_SSL:BOOL=ON + EXTRA_CMAKE_OPTS: -DENABLE_EXAMPLES:BOOL=ON -DENABLE_TLS:BOOL=ON run: mkdir build && cd build && cmake3 .. && make - name: Build using Makefile - run: USE_SSL=1 TEST_ASYNC=1 make + run: USE_TLS=1 TEST_ASYNC=1 make - name: Run tests working-directory: tests env: SKIPS_AS_FAILS: 1 - TEST_SSL: 1 + TEST_TLS: 1 run: ./test.sh centos8: @@ -51,17 +51,17 @@ jobs: - name: Build using cmake env: - EXTRA_CMAKE_OPTS: -DENABLE_EXAMPLES:BOOL=ON -DENABLE_SSL:BOOL=ON + EXTRA_CMAKE_OPTS: -DENABLE_EXAMPLES:BOOL=ON -DENABLE_TLS:BOOL=ON run: mkdir build && cd build && cmake .. && make - name: Build using Makefile - run: USE_SSL=1 TEST_ASYNC=1 make + run: USE_TLS=1 TEST_ASYNC=1 make - name: Run tests working-directory: tests env: SKIPS_AS_FAILS: 1 - TEST_SSL: 1 + TEST_TLS: 1 run: ./test.sh freebsd: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 888f35c5..077cf75d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -69,7 +69,7 @@ jobs: if [ -n "${{ matrix.sanitizer }}" ]; then export CFLAGS="-fno-omit-frame-pointer -fsanitize=${{ matrix.sanitizer }}" fi - cmake -B build -S . -DCMAKE_BUILD_TYPE=${{ matrix.cmake-build-type }} -DENABLE_SSL=ON -DENABLE_IPV6_TESTS=ON + cmake -B build -S . -DCMAKE_BUILD_TYPE=${{ matrix.cmake-build-type }} -DENABLE_TLS=ON -DENABLE_IPV6_TESTS=ON - name: Build working-directory: build run: VERBOSE=1 make @@ -102,18 +102,18 @@ jobs: git clone --depth 1 --branch 7.2.5 https://github.com/valkey-io/valkey.git cd valkey && sudo BUILD_TLS=yes make install - name: Build - run: USE_SSL=1 TEST_ASYNC=1 make + run: USE_TLS=1 TEST_ASYNC=1 make - name: Run tests working-directory: tests env: SKIPS_AS_FAILS: 1 - TEST_SSL: 1 + TEST_TLS: 1 run: ./test.sh - name: Run tests under valgrind working-directory: tests env: SKIPS_AS_FAILS: 1 - TEST_SSL: 1 + TEST_TLS: 1 TEST_PREFIX: valgrind --error-exitcode=99 --track-origins=yes --leak-check=full run: ./test.sh @@ -129,26 +129,26 @@ jobs: version: 1.0 - name: Install libvalkey using Makefile run: | - make USE_SSL=1 DESTDIR=${{ github.workspace }}/make-install install + make USE_TLS=1 DESTDIR=${{ github.workspace }}/make-install install - name: Install libvalkey using CMake run: | mkdir build && cd build - cmake -DDISABLE_TESTS=ON -DENABLE_SSL=ON .. + cmake -DDISABLE_TESTS=ON -DENABLE_TLS=ON .. make DESTDIR=${{ github.workspace }}/cmake-install install - name: Build examples with Makefile using a Makefile-installed libvalkey run: | make CFLAGS="-I${{ github.workspace }}/make-install/usr/local/include" \ STLIBNAME="${{ github.workspace }}/make-install/usr/local/lib/libvalkey.a" \ - USE_SSL=1 -C examples + USE_TLS=1 -C examples - name: Build examples with Makefile using a CMake-installed libvalkey run: | make CFLAGS="-I${{ github.workspace }}/cmake-install/usr/local/include" \ STLIBNAME="${{ github.workspace }}/cmake-install/usr/local/lib/libvalkey.a" \ - USE_SSL=1 -C examples + USE_TLS=1 -C examples - name: Build examples with CMake using a CMake-installed libvalkey run: | cd examples && mkdir build && cd build - cmake -DCMAKE_PREFIX_PATH=${{ github.workspace }}/cmake-install/usr/local -DENABLE_SSL=ON .. + cmake -DCMAKE_PREFIX_PATH=${{ github.workspace }}/cmake-install/usr/local -DENABLE_TLS=ON .. make macos: @@ -165,14 +165,14 @@ jobs: - name: Build using CMake run: | mkdir build && cd build - cmake .. -G Ninja -DCMAKE_BUILD_TYPE=Release -DENABLE_SSL=ON + cmake .. -G Ninja -DCMAKE_BUILD_TYPE=Release -DENABLE_TLS=ON ninja -v - name: Build using Makefile - run: USE_SSL=1 make + run: USE_TLS=1 make - name: Run tests working-directory: tests env: - TEST_SSL: 1 + TEST_TLS: 1 run: ./test.sh windows: diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 605db1d6..42466c42 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -21,7 +21,7 @@ jobs: - name: Prepare run: | mkdir build; cd build - cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DENABLE_SSL=ON .. + cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DENABLE_TLS=ON .. - name: Build, scan and report uses: vapier/coverity-scan-action@2068473c7bdf8c2fb984a6a40ae76ee7facd7a85 # v1.8.0 with: diff --git a/CMakeLists.txt b/CMakeLists.txt index cf1b99d2..5559cdcc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -19,7 +19,7 @@ PROJECT(valkey LANGUAGES "C" VERSION "${VERSION}") INCLUDE(GNUInstallDirs) OPTION(BUILD_SHARED_LIBS "Build shared libraries" ON) -OPTION(ENABLE_SSL "Build valkey_ssl for SSL support" OFF) +OPTION(ENABLE_TLS "Build valkey_tls for TLS support" OFF) OPTION(DISABLE_TESTS "If tests should be compiled or not" OFF) OPTION(ENABLE_EXAMPLES "Enable building valkey examples" OFF) option(ENABLE_IPV6_TESTS "Enable IPv6 tests requiring special prerequisites" OFF) @@ -152,77 +152,77 @@ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/valkey-config.cmake DESTINATION ${CMAKE_CONF_INSTALL_DIR}) -IF(ENABLE_SSL) +IF(ENABLE_TLS) IF (NOT OPENSSL_ROOT_DIR) IF (APPLE) SET(OPENSSL_ROOT_DIR "/usr/local/opt/openssl") ENDIF() ENDIF() FIND_PACKAGE(OpenSSL REQUIRED) - SET(valkey_ssl_sources - src/cluster_ssl.c - src/ssl.c) - ADD_LIBRARY(valkey_ssl ${valkey_ssl_sources}) - ADD_LIBRARY(valkey::valkey_ssl ALIAS valkey_ssl) + SET(valkey_tls_sources + src/cluster_tls.c + src/tls.c) + ADD_LIBRARY(valkey_tls ${valkey_tls_sources}) + ADD_LIBRARY(valkey::valkey_tls ALIAS valkey_tls) - TARGET_INCLUDE_DIRECTORIES(valkey_ssl + TARGET_INCLUDE_DIRECTORIES(valkey_tls PRIVATE $ $ ) IF (APPLE AND BUILD_SHARED_LIBS) - SET_PROPERTY(TARGET valkey_ssl PROPERTY LINK_FLAGS "-Wl,-undefined -Wl,dynamic_lookup") + SET_PROPERTY(TARGET valkey_tls PROPERTY LINK_FLAGS "-Wl,-undefined -Wl,dynamic_lookup") ENDIF() - SET_TARGET_PROPERTIES(valkey_ssl + SET_TARGET_PROPERTIES(valkey_tls PROPERTIES WINDOWS_EXPORT_ALL_SYMBOLS TRUE VERSION "${LIBVALKEY_SONAME}") IF(MSVC) - SET_TARGET_PROPERTIES(valkey_ssl + SET_TARGET_PROPERTIES(valkey_tls PROPERTIES COMPILE_FLAGS /Z7) ENDIF() - TARGET_LINK_LIBRARIES(valkey_ssl PRIVATE OpenSSL::SSL) + TARGET_LINK_LIBRARIES(valkey_tls PRIVATE OpenSSL::SSL) IF(WIN32) - TARGET_LINK_LIBRARIES(valkey_ssl PRIVATE valkey) + TARGET_LINK_LIBRARIES(valkey_tls PRIVATE valkey) ENDIF() - CONFIGURE_FILE(valkey_ssl.pc.in valkey_ssl.pc @ONLY) + CONFIGURE_FILE(valkey_tls.pc.in valkey_tls.pc @ONLY) - INSTALL(TARGETS valkey_ssl - EXPORT valkey_ssl-targets + INSTALL(TARGETS valkey_tls + EXPORT valkey_tls-targets RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}) if (MSVC AND BUILD_SHARED_LIBS) - INSTALL(FILES $ + INSTALL(FILES $ DESTINATION ${CMAKE_INSTALL_BINDIR} CONFIGURATIONS Debug RelWithDebInfo) endif() - INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/valkey_ssl.pc + INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/valkey_tls.pc DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) - export(EXPORT valkey_ssl-targets - FILE "${CMAKE_CURRENT_BINARY_DIR}/valkey_ssl-targets.cmake" + export(EXPORT valkey_tls-targets + FILE "${CMAKE_CURRENT_BINARY_DIR}/valkey_tls-targets.cmake" NAMESPACE valkey::) if(WIN32) - SET(CMAKE_CONF_INSTALL_DIR share/valkey_ssl) + SET(CMAKE_CONF_INSTALL_DIR share/valkey_tls) else() - SET(CMAKE_CONF_INSTALL_DIR ${CMAKE_INSTALL_LIBDIR}/cmake/valkey_ssl) + SET(CMAKE_CONF_INSTALL_DIR ${CMAKE_INSTALL_LIBDIR}/cmake/valkey_tls) endif() - configure_package_config_file(valkey_ssl-config.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/valkey_ssl-config.cmake + configure_package_config_file(valkey_tls-config.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/valkey_tls-config.cmake INSTALL_DESTINATION ${CMAKE_CONF_INSTALL_DIR} PATH_VARS INCLUDE_INSTALL_DIR) - INSTALL(EXPORT valkey_ssl-targets - FILE valkey_ssl-targets.cmake + INSTALL(EXPORT valkey_tls-targets + FILE valkey_tls-targets.cmake NAMESPACE valkey:: DESTINATION ${CMAKE_CONF_INSTALL_DIR}) - INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/valkey_ssl-config.cmake + INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/valkey_tls-config.cmake DESTINATION ${CMAKE_CONF_INSTALL_DIR}) ENDIF() diff --git a/Makefile b/Makefile index b67f4326..6d6f2774 100644 --- a/Makefile +++ b/Makefile @@ -15,8 +15,8 @@ INCLUDE_DIR = include/valkey TEST_SRCS = $(TEST_DIR)/client_test.c TEST_BINS = $(patsubst $(TEST_DIR)/%.c,$(TEST_DIR)/%,$(TEST_SRCS)) -SOURCES = $(filter-out $(wildcard $(SRC_DIR)/*ssl.c) $(SRC_DIR)/rdma.c, $(wildcard $(SRC_DIR)/*.c)) -HEADERS = $(filter-out $(wildcard $(INCLUDE_DIR)/*ssl.h) $(INCLUDE_DIR)/rdma.h, $(wildcard $(INCLUDE_DIR)/*.h)) +SOURCES = $(filter-out $(wildcard $(SRC_DIR)/*tls.c) $(SRC_DIR)/rdma.c, $(wildcard $(SRC_DIR)/*.c)) +HEADERS = $(filter-out $(wildcard $(INCLUDE_DIR)/*tls.h) $(INCLUDE_DIR)/rdma.h, $(wildcard $(INCLUDE_DIR)/*.h)) OBJS = $(patsubst $(SRC_DIR)/%.c,$(OBJ_DIR)/%.o,$(SOURCES)) @@ -24,7 +24,7 @@ LIBNAME=libvalkey PKGCONFNAME=$(LIB_DIR)/valkey.pc PKGCONF_TEMPLATE = valkey.pc.in -SSL_PKGCONF_TEMPLATE = valkey_ssl.pc.in +TLS_PKGCONF_TEMPLATE = valkey_tls.pc.in RDMA_PKGCONF_TEMPLATE = valkey_rdma.pc.in LIBVALKEY_HEADER=$(INCLUDE_DIR)/valkey.h @@ -81,36 +81,36 @@ STLIB_ROOT_NAME=$(LIBNAME).$(STLIBSUFFIX) STLIBNAME=$(LIB_DIR)/$(STLIB_ROOT_NAME) STLIB_MAKE_CMD=$(AR) rcs -#################### SSL variables start #################### -SSL_LIBNAME=libvalkey_ssl -SSL_PKGCONFNAME=$(LIB_DIR)/valkey_ssl.pc -SSL_INSTALLNAME=install-ssl -SSL_DYLIB_MINOR_NAME=$(SSL_LIBNAME).$(DYLIBSUFFIX).$(LIBVALKEY_SONAME) -SSL_DYLIB_MAJOR_NAME=$(SSL_LIBNAME).$(DYLIBSUFFIX).$(LIBVALKEY_MAJOR) -SSL_ROOT_DYLIB_NAME=$(SSL_LIBNAME).$(DYLIBSUFFIX) -SSL_DYLIBNAME=$(LIB_DIR)/$(SSL_LIBNAME).$(DYLIBSUFFIX) -SSL_STLIBNAME=$(LIB_DIR)/$(SSL_LIBNAME).$(STLIBSUFFIX) -SSL_DYLIB_MAKE_CMD=$(CC) $(OPTIMIZATION) $(PLATFORM_FLAGS) -shared -Wl,-soname,$(SSL_DYLIB_MINOR_NAME) +#################### TLS variables start #################### +TLS_LIBNAME=libvalkey_tls +TLS_PKGCONFNAME=$(LIB_DIR)/valkey_tls.pc +TLS_INSTALLNAME=install-tls +TLS_DYLIB_MINOR_NAME=$(TLS_LIBNAME).$(DYLIBSUFFIX).$(LIBVALKEY_SONAME) +TLS_DYLIB_MAJOR_NAME=$(TLS_LIBNAME).$(DYLIBSUFFIX).$(LIBVALKEY_MAJOR) +TLS_ROOT_DYLIB_NAME=$(TLS_LIBNAME).$(DYLIBSUFFIX) +TLS_DYLIBNAME=$(LIB_DIR)/$(TLS_LIBNAME).$(DYLIBSUFFIX) +TLS_STLIBNAME=$(LIB_DIR)/$(TLS_LIBNAME).$(STLIBSUFFIX) +TLS_DYLIB_MAKE_CMD=$(CC) $(OPTIMIZATION) $(PLATFORM_FLAGS) -shared -Wl,-soname,$(TLS_DYLIB_MINOR_NAME) -USE_SSL?=0 +USE_TLS?=0 -ifeq ($(USE_SSL),1) - SSL_SOURCES = $(wildcard $(SRC_DIR)/*ssl.c) - SSL_OBJS = $(patsubst $(SRC_DIR)/%.c,$(OBJ_DIR)/%.o,$(SSL_SOURCES)) +ifeq ($(USE_TLS),1) + TLS_SOURCES = $(wildcard $(SRC_DIR)/*tls.c) + TLS_OBJS = $(patsubst $(SRC_DIR)/%.c,$(OBJ_DIR)/%.o,$(TLS_SOURCES)) # This is required for test.c only - CFLAGS+=-DVALKEY_TEST_SSL - SSL_STLIB=$(SSL_STLIBNAME) - SSL_DYLIB=$(SSL_DYLIBNAME) - SSL_PKGCONF=$(SSL_PKGCONFNAME) - SSL_INSTALL=$(SSL_INSTALLNAME) + CFLAGS+=-DVALKEY_TEST_TLS + TLS_STLIB=$(TLS_STLIBNAME) + TLS_DYLIB=$(TLS_DYLIBNAME) + TLS_PKGCONF=$(TLS_PKGCONFNAME) + TLS_INSTALL=$(TLS_INSTALLNAME) else - SSL_STLIB= - SSL_DYLIB= - SSL_PKGCONF= - SSL_INSTALL= + TLS_STLIB= + TLS_DYLIB= + TLS_PKGCONF= + TLS_INSTALL= endif -##################### SSL variables end ##################### +##################### TLS variables end ##################### #################### RDMA variables start #################### RDMA_LIBNAME=libvalkey_rdma @@ -152,7 +152,7 @@ ifeq ($(TEST_ASYNC),1) export CFLAGS+=-DVALKEY_TEST_ASYNC endif -ifeq ($(USE_SSL),1) +ifeq ($(USE_TLS),1) ifndef OPENSSL_PREFIX ifeq ($(uname_S),Darwin) SEARCH_PATH1=/opt/homebrew/opt/openssl @@ -168,10 +168,10 @@ ifeq ($(USE_SSL),1) ifdef OPENSSL_PREFIX CFLAGS+=-I$(OPENSSL_PREFIX)/include - SSL_LDFLAGS+=-L$(OPENSSL_PREFIX)/lib + TLS_LDFLAGS+=-L$(OPENSSL_PREFIX)/lib endif - SSL_LDFLAGS+=-lssl -lcrypto + TLS_LDFLAGS+=-lssl -lcrypto endif ifeq ($(uname_S),FreeBSD) @@ -184,12 +184,12 @@ else ifeq ($(UNAME_S),SunOS) endif REAL_LDFLAGS += -ldl -lnsl -lsocket DYLIB_MAKE_CMD = $(CC) $(OPTIMIZATION) $(SUN_SHARED_FLAG) -o $(DYLIBNAME) -h $(DYLIB_MINOR_NAME) $(LDFLAGS) - SSL_DYLIB_MAKE_CMD = $(CC) $(SUN_SHARED_FLAG) -o $(SSL_DYLIBNAME) -h $(SSL_DYLIB_MINOR_NAME) $(LDFLAGS) $(SSL_LDFLAGS) + TLS_DYLIB_MAKE_CMD = $(CC) $(SUN_SHARED_FLAG) -o $(TLS_DYLIBNAME) -h $(TLS_DYLIB_MINOR_NAME) $(LDFLAGS) $(TLS_LDFLAGS) else ifeq ($(uname_S),Darwin) DYLIBSUFFIX=dylib DYLIB_MINOR_NAME=$(LIBNAME).$(LIBVALKEY_SONAME).$(DYLIBSUFFIX) DYLIB_MAKE_CMD=$(CC) -dynamiclib -Wl,-install_name,$(PREFIX)/$(LIBRARY_PATH)/$(DYLIB_MINOR_NAME) -o $(DYLIBNAME) $(LDFLAGS) - SSL_DYLIB_MAKE_CMD=$(CC) -dynamiclib -Wl,-install_name,$(PREFIX)/$(LIBRARY_PATH)/$(SSL_DYLIB_MINOR_NAME) -o $(SSL_DYLIBNAME) $(LDFLAGS) $(SSL_LDFLAGS) + TLS_DYLIB_MAKE_CMD=$(CC) -dynamiclib -Wl,-install_name,$(PREFIX)/$(LIBRARY_PATH)/$(TLS_DYLIB_MINOR_NAME) -o $(TLS_DYLIBNAME) $(LDFLAGS) $(TLS_LDFLAGS) DYLIB_PLUGIN=-Wl,-undefined -Wl,dynamic_lookup endif @@ -201,11 +201,11 @@ $(DYLIBNAME): $(OBJS) | $(LIB_DIR) $(STLIBNAME): $(OBJS) | $(LIB_DIR) $(STLIB_MAKE_CMD) $(STLIBNAME) $(OBJS) -$(SSL_DYLIBNAME): $(SSL_OBJS) - $(SSL_DYLIB_MAKE_CMD) $(DYLIB_PLUGIN) -o $(SSL_DYLIBNAME) $(SSL_OBJS) $(REAL_LDFLAGS) $(LDFLAGS) $(SSL_LDFLAGS) +$(TLS_DYLIBNAME): $(TLS_OBJS) + $(TLS_DYLIB_MAKE_CMD) $(DYLIB_PLUGIN) -o $(TLS_DYLIBNAME) $(TLS_OBJS) $(REAL_LDFLAGS) $(LDFLAGS) $(TLS_LDFLAGS) -$(SSL_STLIBNAME): $(SSL_OBJS) - $(STLIB_MAKE_CMD) $(SSL_STLIBNAME) $(SSL_OBJS) +$(TLS_STLIBNAME): $(TLS_OBJS) + $(STLIB_MAKE_CMD) $(TLS_STLIBNAME) $(TLS_OBJS) $(RDMA_DYLIBNAME): $(RDMA_OBJS) $(RDMA_DYLIB_MAKE_CMD) $(DYLIB_PLUGIN) -o $(RDMA_DYLIBNAME) $(RDMA_OBJS) $(REAL_LDFLAGS) $(LDFLAGS) $(RDMA_LDFLAGS) @@ -220,7 +220,7 @@ $(OBJ_DIR)/%.o: $(TEST_DIR)/%.c | $(OBJ_DIR) $(CC) -std=c99 -pedantic $(REAL_CFLAGS) -I$(INCLUDE_DIR) -I$(SRC_DIR) -MMD -MP -c $< -o $@ $(TEST_DIR)/%: $(OBJ_DIR)/%.o $(STLIBNAME) - $(CC) -o $@ $< $(RDMA_STLIB) $(STLIBNAME) $(SSL_STLIB) $(LDFLAGS) $(TEST_LDFLAGS) + $(CC) -o $@ $< $(RDMA_STLIB) $(STLIBNAME) $(TLS_STLIB) $(LDFLAGS) $(TEST_LDFLAGS) $(OBJ_DIR): mkdir -p $(OBJ_DIR) @@ -228,16 +228,16 @@ $(OBJ_DIR): $(LIB_DIR): mkdir -p $(LIB_DIR) -dynamic: $(DYLIBNAME) $(SSL_DYLIB) $(RDMA_DYLIB) +dynamic: $(DYLIBNAME) $(TLS_DYLIB) $(RDMA_DYLIB) -static: $(STLIBNAME) $(SSL_STLIB) $(RDMA_STLIB) +static: $(STLIBNAME) $(TLS_STLIB) $(RDMA_STLIB) -pkgconfig: $(PKGCONFNAME) $(SSL_PKGCONF) $(RDMA_PKGCONF) +pkgconfig: $(PKGCONFNAME) $(TLS_PKGCONF) $(RDMA_PKGCONF) -include $(OBJS:.o=.d) -TEST_LDFLAGS = $(SSL_LDFLAGS) $(RDMA_LDFLAGS) -ifeq ($(USE_SSL),1) +TEST_LDFLAGS = $(TLS_LDFLAGS) $(RDMA_LDFLAGS) +ifeq ($(USE_TLS),1) TEST_LDFLAGS += -pthread endif ifeq ($(TEST_ASYNC),1) @@ -263,7 +263,7 @@ $(PKGCONFNAME): $(PKGCONF_TEMPLATE) -e 's|@PROJECT_VERSION@|$(LIBVALKEY_SONAME)|g' \ $< > $@ -$(SSL_PKGCONFNAME): $(SSL_PKGCONF_TEMPLATE) +$(TLS_PKGCONFNAME): $(TLS_PKGCONF_TEMPLATE) @echo "Generating $@ for pkgconfig..." sed \ -e 's|@CMAKE_INSTALL_PREFIX@|$(PREFIX)|g' \ @@ -279,7 +279,7 @@ $(RDMA_PKGCONFNAME): $(RDMA_PKGCONF_TEMPLATE) -e 's|@PROJECT_VERSION@|$(LIBVALKEY_SONAME)|g' \ $< > $@ -install: $(DYLIBNAME) $(STLIBNAME) $(PKGCONFNAME) $(SSL_INSTALL) +install: $(DYLIBNAME) $(STLIBNAME) $(PKGCONFNAME) $(TLS_INSTALL) mkdir -p $(INSTALL_INCLUDE_PATH)/adapters $(INSTALL_LIBRARY_PATH) $(INSTALL) $(HEADERS) $(INSTALL_INCLUDE_PATH) $(INSTALL) $(INCLUDE_DIR)/adapters/*.h $(INSTALL_INCLUDE_PATH)/adapters @@ -290,16 +290,16 @@ install: $(DYLIBNAME) $(STLIBNAME) $(PKGCONFNAME) $(SSL_INSTALL) mkdir -p $(INSTALL_PKGCONF_PATH) $(INSTALL) $(PKGCONFNAME) $(INSTALL_PKGCONF_PATH) -install-ssl: $(SSL_DYLIBNAME) $(SSL_STLIBNAME) $(SSL_PKGCONFNAME) +install-tls: $(TLS_DYLIBNAME) $(TLS_STLIBNAME) $(TLS_PKGCONFNAME) mkdir -p $(INSTALL_INCLUDE_PATH) $(INSTALL_LIBRARY_PATH) - $(INSTALL) $(INCLUDE_DIR)/ssl.h $(INSTALL_INCLUDE_PATH) - $(INSTALL) $(INCLUDE_DIR)/cluster_ssl.h $(INSTALL_INCLUDE_PATH) - $(INSTALL) $(SSL_DYLIBNAME) $(INSTALL_LIBRARY_PATH)/$(SSL_DYLIB_MINOR_NAME) - ln -sf $(SSL_DYLIB_MINOR_NAME) $(INSTALL_LIBRARY_PATH)/$(SSL_ROOT_DYLIB_NAME) - ln -sf $(SSL_DYLIB_MINOR_NAME) $(INSTALL_LIBRARY_PATH)/$(SSL_DYLIB_MAJOR_NAME) - $(INSTALL) $(SSL_STLIBNAME) $(INSTALL_LIBRARY_PATH) + $(INSTALL) $(INCLUDE_DIR)/tls.h $(INSTALL_INCLUDE_PATH) + $(INSTALL) $(INCLUDE_DIR)/cluster_tls.h $(INSTALL_INCLUDE_PATH) + $(INSTALL) $(TLS_DYLIBNAME) $(INSTALL_LIBRARY_PATH)/$(TLS_DYLIB_MINOR_NAME) + ln -sf $(TLS_DYLIB_MINOR_NAME) $(INSTALL_LIBRARY_PATH)/$(TLS_ROOT_DYLIB_NAME) + ln -sf $(TLS_DYLIB_MINOR_NAME) $(INSTALL_LIBRARY_PATH)/$(TLS_DYLIB_MAJOR_NAME) + $(INSTALL) $(TLS_STLIBNAME) $(INSTALL_LIBRARY_PATH) mkdir -p $(INSTALL_PKGCONF_PATH) - $(INSTALL) $(SSL_PKGCONFNAME) $(INSTALL_PKGCONF_PATH) + $(INSTALL) $(TLS_PKGCONFNAME) $(INSTALL_PKGCONF_PATH) install-rdma: $(RDMA_DYLIBNAME) $(RDMA_STLIBNAME) $(RDMA_PKGCONFNAME) mkdir -p $(INSTALL_INCLUDE_PATH) $(INSTALL_LIBRARY_PATH) diff --git a/README.md b/README.md index 32e43114..f9d49407 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Libvalkey is the official C client for the [Valkey](https://valkey.io) database. - Commands are executed in a generic way, with printf-like invocation. - Supports both `RESP2` and `RESP3` protocol versions. - Supports both synchronous and asynchronous operation. -- Optional support for `SSL` and `RDMA` connections. +- Optional support for `TLS` and `RDMA` connections. - Asynchronous API with several event libraries to choose from. - Supports both standalone and cluster mode operation. - Can be compiled with either `make` or `CMake`. @@ -42,10 +42,10 @@ We support plain GNU make and CMake. Following is information on how to build th sudo make install # With all options -sudo USE_SSL=1 USE_RDMA=1 make install +sudo USE_TLS=1 USE_RDMA=1 make install # If your openssl is in a non-default location -sudo USE_SSL=1 OPENSSL_PREFIX=/path/to/openssl make install +sudo USE_TLS=1 OPENSSL_PREFIX=/path/to/openssl make install ``` ### Building with CMake @@ -60,7 +60,7 @@ sudo make install # Build with TLS and RDMA support mkdir build && cd build -cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DENABLE_SSL=1 -DENABLE_RDMA=1 .. +cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DENABLE_TLS=1 -DENABLE_RDMA=1 .. sudo make install ``` diff --git a/docs/migration-guide.md b/docs/migration-guide.md index 25e61833..748d76e9 100644 --- a/docs/migration-guide.md +++ b/docs/migration-guide.md @@ -6,8 +6,10 @@ This guide highlights which APIs that have changed and what you need to do when The general actions needed are: * Replace the prefix `redis` with `valkey` in API usages. +* Replace the term `SSL` with `TLS` in API usages for secure communication. * Update include paths depending on your previous installation. All `libvalkey` headers are now found under `include/valkey/`. +* Update used build options, e.g. `USE_TLS` replaces `USE_SSL`. ## Migrating from `hiredis` v1.2.0 diff --git a/docs/standalone.md b/docs/standalone.md index bf73cffe..c6e87b8c 100644 --- a/docs/standalone.md +++ b/docs/standalone.md @@ -23,7 +23,7 @@ This document describes using `libvalkey` in standalone (non-cluster) mode, incl - [Connecting](#connecting-1) - [Executing commands](#executing-commands-1) - [Disconnecting/cleanup](#disconnecting-cleanup-1) -- [SSL/TLS support](#ssl-tls-support) +- [TLS support](#tls-support) ## Synchronous API @@ -367,9 +367,9 @@ To terminate the connection forcefully use `valkeyAsyncFree` which also will blo There will be no more data sent on the socket and all pending callbacks will be called with a `NULL` reply. After this, the disconnection callback is called with the `VALKEY_OK` status, and the context object is freed. -## SSL/TLS support +## TLS support -SSL/TLS support is not enabled by default and requires an explicit build flag as described in [`README.md`](../README.md#building). +TLS support is not enabled by default and requires an explicit build flag as described in [`README.md`](../README.md#building). -Libvalkey implements SSL/TLS on top of its `valkeyContext` and `valkeyAsyncContext`, so you will need to establish a connection first and then initiate an SSL/TLS handshake. -See the [examples](../examples) directory for how to create the SSL/TLS context and initiate the handshake. +Libvalkey implements TLS on top of its `valkeyContext` and `valkeyAsyncContext`, so you will need to establish a connection first and then initiate a TLS handshake. +See the [examples](../examples) directory for how to create the TLS context and initiate the handshake. diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt index 25d1939f..159fec70 100644 --- a/examples/CMakeLists.txt +++ b/examples/CMakeLists.txt @@ -5,7 +5,7 @@ if(CMAKE_SOURCE_DIR STREQUAL PROJECT_SOURCE_DIR) # This CMakeLists.txt is used standalone to build the examples. # Find required valkey package to get include paths. find_package(valkey REQUIRED) - find_package(valkey_ssl QUIET) + find_package(valkey_tls QUIET) else() # This CMakeLists.txt is included, most likely from libvalkey's project # CMakeLists.txt. Add path to enable includes. @@ -36,9 +36,9 @@ if(LIBEVENT) add_executable(example-async-libevent async-libevent.c) target_link_libraries(example-async-libevent valkey::valkey event) - if(ENABLE_SSL) - add_executable(example-async-libevent-ssl async-libevent-ssl.c) - target_link_libraries(example-async-libevent-ssl valkey::valkey valkey::valkey_ssl event) + if(ENABLE_TLS) + add_executable(example-async-libevent-tls async-libevent-tls.c) + target_link_libraries(example-async-libevent-tls valkey::valkey valkey::valkey_tls event) endif() endif() @@ -66,9 +66,9 @@ if(APPLE) target_link_libraries(example-async-macosx valkey::valkey ${CF}) endif() -if(ENABLE_SSL) - add_executable(example-blocking-ssl blocking-ssl.c) - target_link_libraries(example-blocking-ssl valkey::valkey valkey::valkey_ssl) +if(ENABLE_TLS) + add_executable(example-blocking-tls blocking-tls.c) + target_link_libraries(example-blocking-tls valkey::valkey valkey::valkey_tls) endif() add_executable(example-blocking blocking.c) @@ -81,9 +81,9 @@ if(LIBEVENT) add_executable(example-cluster-async cluster-async.c) target_link_libraries(example-cluster-async valkey::valkey event) - if(ENABLE_SSL) + if(ENABLE_TLS) add_executable(example-cluster-async-tls cluster-async-tls.c) - target_link_libraries(example-cluster-async-tls valkey::valkey valkey::valkey_ssl event) + target_link_libraries(example-cluster-async-tls valkey::valkey valkey::valkey_tls event) endif() add_executable(example-cluster-clientside-caching-async cluster-clientside-caching-async.c) @@ -93,7 +93,7 @@ endif() add_executable(example-cluster-simple cluster-simple.c) target_link_libraries(example-cluster-simple valkey::valkey) -if(ENABLE_SSL) +if(ENABLE_TLS) add_executable(example-cluster-tls cluster-tls.c) - target_link_libraries(example-cluster-tls valkey::valkey valkey::valkey_ssl) + target_link_libraries(example-cluster-tls valkey::valkey valkey::valkey_tls) endif() diff --git a/examples/Makefile b/examples/Makefile index 34f2b1f7..de026310 100644 --- a/examples/Makefile +++ b/examples/Makefile @@ -10,11 +10,11 @@ EXAMPLES=example-blocking example-blocking-push example-async-libevent \ example-cluster-async example-cluster-clientside-caching-async \ example-cluster-simple -ifeq ($(USE_SSL),1) - EXAMPLES+=example-blocking-ssl example-async-libevent-ssl \ +ifeq ($(USE_TLS),1) + EXAMPLES+=example-blocking-tls example-async-libevent-tls \ example-cluster-async-tls example-cluster-tls - SSL_STLIBNAME=../lib/libvalkey_ssl.a - SSL_LDFLAGS=-lssl -lcrypto + TLS_STLIBNAME=../lib/libvalkey_tls.a + TLS_LDFLAGS=-lssl -lcrypto endif .PHONY: all clean @@ -24,8 +24,8 @@ all: $(EXAMPLES) $(STLIBNAME): $(MAKE) -C ../ -$(SSL_STLIBNAME): - USE_SSL=1 $(MAKE) -C ../ +$(TLS_STLIBNAME): + USE_TLS=1 $(MAKE) -C ../ example-blocking: blocking.c $(STLIBNAME) $(CC) -o $@ $(CFLAGS) $< $(STLIBNAME) @@ -33,14 +33,14 @@ example-blocking: blocking.c $(STLIBNAME) example-blocking-push: blocking-push.c $(STLIBNAME) $(CC) -o $@ $(CFLAGS) $< $(STLIBNAME) -example-blocking-ssl: blocking-ssl.c $(STLIBNAME) $(SSL_STLIBNAME) - $(CC) -o $@ $(CFLAGS) $< $(STLIBNAME) $(SSL_STLIBNAME) $(SSL_LDFLAGS) +example-blocking-tls: blocking-tls.c $(STLIBNAME) $(TLS_STLIBNAME) + $(CC) -o $@ $(CFLAGS) $< $(STLIBNAME) $(TLS_STLIBNAME) $(TLS_LDFLAGS) example-async-libevent: async-libevent.c $(STLIBNAME) $(CC) -o $@ $(CFLAGS) $< -levent $(STLIBNAME) -example-async-libevent-ssl: async-libevent-ssl.c $(STLIBNAME) $(SSL_STLIBNAME) - $(CC) -o $@ $(CFLAGS) $< -levent $(STLIBNAME) $(SSL_STLIBNAME) $(SSL_LDFLAGS) +example-async-libevent-tls: async-libevent-tls.c $(STLIBNAME) $(TLS_STLIBNAME) + $(CC) -o $@ $(CFLAGS) $< -levent $(STLIBNAME) $(TLS_STLIBNAME) $(TLS_LDFLAGS) example-async-libev: async-libev.c $(STLIBNAME) $(CC) -o $@ $(CFLAGS) $< -lev $(STLIBNAME) @@ -98,8 +98,8 @@ endif example-cluster-async: cluster-async.c $(STLIBNAME) $(CC) -o $@ $(CFLAGS) $< -levent $(STLIBNAME) -example-cluster-async-tls: cluster-async-tls.c $(STLIBNAME) $(SSL_STLIBNAME) - $(CC) -o $@ $(CFLAGS) $< -levent $(STLIBNAME) $(SSL_STLIBNAME) $(SSL_LDFLAGS) +example-cluster-async-tls: cluster-async-tls.c $(STLIBNAME) $(TLS_STLIBNAME) + $(CC) -o $@ $(CFLAGS) $< -levent $(STLIBNAME) $(TLS_STLIBNAME) $(TLS_LDFLAGS) example-cluster-clientside-caching-async: cluster-clientside-caching-async.c $(STLIBNAME) $(CC) -o $@ $(CFLAGS) $< -levent $(STLIBNAME) @@ -107,8 +107,8 @@ example-cluster-clientside-caching-async: cluster-clientside-caching-async.c $(S example-cluster-simple: cluster-simple.c $(STLIBNAME) $(CC) -o $@ $(CFLAGS) $< $(STLIBNAME) -example-cluster-tls: cluster-tls.c $(STLIBNAME) $(SSL_STLIBNAME) - $(CC) -o $@ $(CFLAGS) $< $(STLIBNAME) $(SSL_STLIBNAME) $(SSL_LDFLAGS) +example-cluster-tls: cluster-tls.c $(STLIBNAME) $(TLS_STLIBNAME) + $(CC) -o $@ $(CFLAGS) $< $(STLIBNAME) $(TLS_STLIBNAME) $(TLS_LDFLAGS) clean: rm -f example-* *.o diff --git a/examples/async-libevent-ssl.c b/examples/async-libevent-tls.c similarity index 82% rename from examples/async-libevent-ssl.c rename to examples/async-libevent-tls.c index 8a81849c..7f1c9d5e 100644 --- a/examples/async-libevent-ssl.c +++ b/examples/async-libevent-tls.c @@ -1,5 +1,5 @@ #include -#include +#include #include #include @@ -57,15 +57,15 @@ int main(int argc, char **argv) { const char *certKey = argv[5]; const char *caCert = argc > 5 ? argv[6] : NULL; - valkeySSLContext *ssl; - valkeySSLContextError ssl_error = VALKEY_SSL_CTX_NONE; + valkeyTLSContext *tls; + valkeyTLSContextError tls_error = VALKEY_TLS_CTX_NONE; valkeyInitOpenSSL(); - ssl = valkeyCreateSSLContext(caCert, NULL, - cert, certKey, NULL, &ssl_error); - if (!ssl) { - printf("Error: %s\n", valkeySSLContextGetError(ssl_error)); + tls = valkeyCreateTLSContext(caCert, NULL, + cert, certKey, NULL, &tls_error); + if (!tls) { + printf("Error: %s\n", valkeyTLSContextGetError(tls_error)); return 1; } @@ -75,8 +75,8 @@ int main(int argc, char **argv) { printf("Error: %s\n", c->errstr); return 1; } - if (valkeyInitiateSSLWithContext(&c->c, ssl) != VALKEY_OK) { - printf("SSL Error!\n"); + if (valkeyInitiateTLSWithContext(&c->c, tls) != VALKEY_OK) { + printf("TLS Error!\n"); exit(1); } @@ -87,6 +87,6 @@ int main(int argc, char **argv) { valkeyAsyncCommand(c, getCallback, (char *)"end-1", "GET key"); event_base_dispatch(base); - valkeyFreeSSLContext(ssl); + valkeyFreeTLSContext(tls); return 0; } diff --git a/examples/blocking-ssl.c b/examples/blocking-tls.c similarity index 86% rename from examples/blocking-ssl.c rename to examples/blocking-tls.c index afe4b532..922fc557 100644 --- a/examples/blocking-ssl.c +++ b/examples/blocking-tls.c @@ -1,4 +1,4 @@ -#include +#include #include #include @@ -11,8 +11,8 @@ int main(int argc, char **argv) { unsigned int j; - valkeySSLContext *ssl; - valkeySSLContextError ssl_error = VALKEY_SSL_CTX_NONE; + valkeyTLSContext *tls; + valkeyTLSContextError tls_error = VALKEY_TLS_CTX_NONE; valkeyContext *c; valkeyReply *reply; if (argc < 4) { @@ -26,9 +26,9 @@ int main(int argc, char **argv) { const char *ca = argc > 4 ? argv[5] : NULL; valkeyInitOpenSSL(); - ssl = valkeyCreateSSLContext(ca, NULL, cert, key, NULL, &ssl_error); - if (!ssl || ssl_error != VALKEY_SSL_CTX_NONE) { - printf("SSL Context error: %s\n", valkeySSLContextGetError(ssl_error)); + tls = valkeyCreateTLSContext(ca, NULL, cert, key, NULL, &tls_error); + if (!tls || tls_error != VALKEY_TLS_CTX_NONE) { + printf("TLS Context error: %s\n", valkeyTLSContextGetError(tls_error)); exit(1); } @@ -48,8 +48,8 @@ int main(int argc, char **argv) { exit(1); } - if (valkeyInitiateSSLWithContext(c, ssl) != VALKEY_OK) { - printf("Couldn't initialize SSL!\n"); + if (valkeyInitiateTLSWithContext(c, tls) != VALKEY_OK) { + printf("Couldn't initialize TLS!\n"); printf("Error: %s\n", c->errstr); valkeyFree(c); exit(1); @@ -106,7 +106,7 @@ int main(int argc, char **argv) { /* Disconnects and frees the context */ valkeyFree(c); - valkeyFreeSSLContext(ssl); + valkeyFreeTLSContext(tls); return 0; } diff --git a/examples/cluster-async-tls.c b/examples/cluster-async-tls.c index 3867c14c..00200f68 100644 --- a/examples/cluster-async-tls.c +++ b/examples/cluster-async-tls.c @@ -1,5 +1,5 @@ #include -#include +#include #include @@ -55,14 +55,14 @@ int main(int argc, char **argv) { UNUSED(argc); UNUSED(argv); - valkeySSLContext *ssl; - valkeySSLContextError ssl_error; + valkeyTLSContext *tls; + valkeyTLSContextError tls_error; valkeyInitOpenSSL(); - ssl = valkeyCreateSSLContext("ca.crt", NULL, "client.crt", "client.key", - NULL, &ssl_error); - if (!ssl) { - printf("SSL Context error: %s\n", valkeySSLContextGetError(ssl_error)); + tls = valkeyCreateTLSContext("ca.crt", NULL, "client.crt", "client.key", + NULL, &tls_error); + if (!tls) { + printf("TLS Context error: %s\n", valkeyTLSContextGetError(tls_error)); exit(1); } @@ -73,7 +73,7 @@ int main(int argc, char **argv) { valkeyClusterSetOptionAddNodes(acc->cc, CLUSTER_NODE_TLS); valkeyClusterSetOptionRouteUseSlots(acc->cc); valkeyClusterSetOptionParseSlaves(acc->cc); - valkeyClusterSetOptionEnableSSL(acc->cc, ssl); + valkeyClusterSetOptionEnableTLS(acc->cc, tls); if (valkeyClusterConnect2(acc->cc) != VALKEY_OK) { printf("Error: %s\n", acc->cc->errstr); @@ -101,7 +101,7 @@ int main(int argc, char **argv) { printf("Done..\n"); valkeyClusterAsyncFree(acc); - valkeyFreeSSLContext(ssl); + valkeyFreeTLSContext(tls); event_base_free(base); return 0; } diff --git a/examples/cluster-tls.c b/examples/cluster-tls.c index f46f22ad..526dadfe 100644 --- a/examples/cluster-tls.c +++ b/examples/cluster-tls.c @@ -1,6 +1,6 @@ #include -#include -#include +#include +#include #include #include @@ -12,14 +12,14 @@ int main(int argc, char **argv) { UNUSED(argc); UNUSED(argv); - valkeySSLContext *ssl; - valkeySSLContextError ssl_error; + valkeyTLSContext *tls; + valkeyTLSContextError tls_error; valkeyInitOpenSSL(); - ssl = valkeyCreateSSLContext("ca.crt", NULL, "client.crt", "client.key", - NULL, &ssl_error); - if (!ssl) { - printf("SSL Context error: %s\n", valkeySSLContextGetError(ssl_error)); + tls = valkeyCreateTLSContext("ca.crt", NULL, "client.crt", "client.key", + NULL, &tls_error); + if (!tls) { + printf("TLS Context error: %s\n", valkeyTLSContextGetError(tls_error)); exit(1); } @@ -30,7 +30,7 @@ int main(int argc, char **argv) { valkeyClusterSetOptionConnectTimeout(cc, timeout); valkeyClusterSetOptionRouteUseSlots(cc); valkeyClusterSetOptionParseSlaves(cc); - valkeyClusterSetOptionEnableSSL(cc, ssl); + valkeyClusterSetOptionEnableTLS(cc, tls); valkeyClusterConnect2(cc); if (!cc) { printf("Error: Allocation failure\n"); @@ -58,6 +58,6 @@ int main(int argc, char **argv) { freeReplyObject(reply2); valkeyClusterFree(cc); - valkeyFreeSSLContext(ssl); + valkeyFreeTLSContext(tls); return 0; } diff --git a/include/valkey/cluster.h b/include/valkey/cluster.h index 91d5405a..228a6ef4 100644 --- a/include/valkey/cluster.h +++ b/include/valkey/cluster.h @@ -68,7 +68,7 @@ extern "C" { struct hilist; struct valkeyClusterAsyncContext; -struct valkeySSLContext; +struct valkeyTLSContext; typedef int(adapterAttachFn)(valkeyAsyncContext *, void *); typedef void(valkeyClusterCallbackFn)(struct valkeyClusterAsyncContext *, @@ -116,8 +116,8 @@ typedef struct valkeyClusterContext { int retry_count; /* Current number of failing attempts */ int need_update_route; /* Indicator for valkeyClusterReset() (Pipel.) */ - void *ssl; /* Pointer to a valkeySSLContext when using SSL/TLS. */ - int (*ssl_init_fn)(struct valkeyContext *, struct valkeySSLContext *); + void *tls; /* Pointer to a valkeyTLSContext when using TLS. */ + int (*tls_init_fn)(struct valkeyContext *, struct valkeyTLSContext *); void (*on_connect)(const struct valkeyContext *c, int status); void (*event_callback)(const struct valkeyClusterContext *cc, int event, diff --git a/include/valkey/cluster_ssl.h b/include/valkey/cluster_tls.h similarity index 85% rename from include/valkey/cluster_ssl.h rename to include/valkey/cluster_tls.h index 5076b23e..a081f98f 100644 --- a/include/valkey/cluster_ssl.h +++ b/include/valkey/cluster_tls.h @@ -26,11 +26,11 @@ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ -#ifndef VALKEY_CLUSTER_SSL_H -#define VALKEY_CLUSTER_SSL_H +#ifndef VALKEY_CLUSTER_TLS_H +#define VALKEY_CLUSTER_TLS_H #include "cluster.h" -#include "ssl.h" +#include "tls.h" #include "valkey.h" #ifdef __cplusplus @@ -38,13 +38,13 @@ extern "C" { #endif /** - * Configuration option to enable SSL/TLS negotiation on a context. + * Configuration option to enable TLS negotiation on a context. */ -int valkeyClusterSetOptionEnableSSL(valkeyClusterContext *cc, - valkeySSLContext *ssl); +int valkeyClusterSetOptionEnableTLS(valkeyClusterContext *cc, + valkeyTLSContext *tls); #ifdef __cplusplus } #endif -#endif /* VALKEY_CLUSTER_SSL_H */ +#endif /* VALKEY_CLUSTER_TLS_H */ diff --git a/include/valkey/ssl.h b/include/valkey/tls.h similarity index 63% rename from include/valkey/ssl.h rename to include/valkey/tls.h index 9ab2820b..474193e6 100644 --- a/include/valkey/ssl.h +++ b/include/valkey/tls.h @@ -28,8 +28,8 @@ * POSSIBILITY OF SUCH DAMAGE. */ -#ifndef VALKEY_SSL_H -#define VALKEY_SSL_H +#ifndef VALKEY_TLS_H +#define VALKEY_TLS_H #ifdef __cplusplus extern "C" { @@ -38,42 +38,41 @@ extern "C" { /* Forward declarations for structs defined elsewhere. */ struct valkeyContext; -/* This is the underlying struct for SSL in ssl.h, which is not included to +/* This is the underlying OpenSSL struct which is not included to * keep build dependencies short here. */ struct ssl_st; -/* A wrapper around OpenSSL SSL_CTX to allow easy SSL use without directly +/* A wrapper around OpenSSL SSL_CTX to allow easy TLS use without directly * calling OpenSSL. */ -typedef struct valkeySSLContext valkeySSLContext; +typedef struct valkeyTLSContext valkeyTLSContext; /** - * Initialization errors that valkeyCreateSSLContext() may return. + * Initialization errors that valkeyCreateTLSContext() may return. */ - typedef enum { - VALKEY_SSL_CTX_NONE = 0, /* No Error */ - VALKEY_SSL_CTX_CREATE_FAILED, /* Failed to create OpenSSL SSL_CTX */ - VALKEY_SSL_CTX_CERT_KEY_REQUIRED, /* Client cert and key must both be specified or skipped */ - VALKEY_SSL_CTX_CA_CERT_LOAD_FAILED, /* Failed to load CA Certificate or CA Path */ - VALKEY_SSL_CTX_CLIENT_CERT_LOAD_FAILED, /* Failed to load client certificate */ - VALKEY_SSL_CTX_CLIENT_DEFAULT_CERT_FAILED, /* Failed to set client default certificate directory */ - VALKEY_SSL_CTX_PRIVATE_KEY_LOAD_FAILED, /* Failed to load private key */ - VALKEY_SSL_CTX_OS_CERTSTORE_OPEN_FAILED, /* Failed to open system certificate store */ - VALKEY_SSL_CTX_OS_CERT_ADD_FAILED /* Failed to add CA certificates obtained from system to the SSL context */ -} valkeySSLContextError; + VALKEY_TLS_CTX_NONE = 0, /* No Error */ + VALKEY_TLS_CTX_CREATE_FAILED, /* Failed to create OpenSSL SSL_CTX */ + VALKEY_TLS_CTX_CERT_KEY_REQUIRED, /* Client cert and key must both be specified or skipped */ + VALKEY_TLS_CTX_CA_CERT_LOAD_FAILED, /* Failed to load CA Certificate or CA Path */ + VALKEY_TLS_CTX_CLIENT_CERT_LOAD_FAILED, /* Failed to load client certificate */ + VALKEY_TLS_CTX_CLIENT_DEFAULT_CERT_FAILED, /* Failed to set client default certificate directory */ + VALKEY_TLS_CTX_PRIVATE_KEY_LOAD_FAILED, /* Failed to load private key */ + VALKEY_TLS_CTX_OS_CERTSTORE_OPEN_FAILED, /* Failed to open system certificate store */ + VALKEY_TLS_CTX_OS_CERT_ADD_FAILED /* Failed to add CA certificates obtained from system to the TLS context */ +} valkeyTLSContextError; /* Constants that mirror OpenSSL's verify modes. By default, - * VALKEY_SSL_VERIFY_PEER is used with valkeyCreateSSLContext(). + * VALKEY_TLS_VERIFY_PEER is used with valkeyCreateTLSContext(). * Some clients disable peer verification if there are no * certificates specified. */ -#define VALKEY_SSL_VERIFY_NONE 0x00 -#define VALKEY_SSL_VERIFY_PEER 0x01 -#define VALKEY_SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 -#define VALKEY_SSL_VERIFY_CLIENT_ONCE 0x04 -#define VALKEY_SSL_VERIFY_POST_HANDSHAKE 0x08 +#define VALKEY_TLS_VERIFY_NONE 0x00 +#define VALKEY_TLS_VERIFY_PEER 0x01 +#define VALKEY_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +#define VALKEY_TLS_VERIFY_CLIENT_ONCE 0x04 +#define VALKEY_TLS_VERIFY_POST_HANDSHAKE 0x08 /* Options to create an OpenSSL context. */ typedef struct { @@ -83,13 +82,12 @@ typedef struct { const char *private_key_filename; const char *server_name; int verify_mode; -} valkeySSLOptions; +} valkeyTLSOptions; /** * Return the error message corresponding with the specified error code. */ - -const char *valkeySSLContextGetError(valkeySSLContextError error); +const char *valkeyTLSContextGetError(valkeyTLSContextError error); /** * Helper function to initialize the OpenSSL library. @@ -102,7 +100,7 @@ int valkeyInitOpenSSL(void); /** * Helper function to initialize an OpenSSL context that can be used - * to initiate SSL connections. + * to initiate TLS connections. * * cacert_filename is an optional name of a CA certificate/bundle file to load * and use for validation. @@ -120,46 +118,43 @@ int valkeyInitOpenSSL(void); * If error is non-null, it will be populated in case the context creation fails * (returning a NULL). */ - -valkeySSLContext *valkeyCreateSSLContext(const char *cacert_filename, const char *capath, +valkeyTLSContext *valkeyCreateTLSContext(const char *cacert_filename, const char *capath, const char *cert_filename, const char *private_key_filename, - const char *server_name, valkeySSLContextError *error); + const char *server_name, valkeyTLSContextError *error); /** * Helper function to initialize an OpenSSL context that can be used - * to initiate SSL connections. This is a more extensible version of valkeyCreateSSLContext(). + * to initiate TLS connections. This is a more extensible version of valkeyCreateTLSContext(). * - * options contains a structure of SSL options to use. + * options contains a structure of TLS options to use. * * If error is non-null, it will be populated in case the context creation fails * (returning a NULL). */ -valkeySSLContext *valkeyCreateSSLContextWithOptions(valkeySSLOptions *options, - valkeySSLContextError *error); +valkeyTLSContext *valkeyCreateTLSContextWithOptions(valkeyTLSOptions *options, + valkeyTLSContextError *error); /** * Free a previously created OpenSSL context. */ -void valkeyFreeSSLContext(valkeySSLContext *valkey_ssl_ctx); +void valkeyFreeTLSContext(valkeyTLSContext *valkey_tls_ctx); /** - * Initiate SSL on an existing valkeyContext. + * Initiate TLS on an existing valkeyContext. * - * This is similar to valkeyInitiateSSL() but does not require the caller - * to directly interact with OpenSSL, and instead uses a valkeySSLContext - * previously created using valkeyCreateSSLContext(). + * This is similar to valkeyInitiateTLS() but does not require the caller + * to directly interact with OpenSSL, and instead uses a valkeyTLSContext + * previously created using valkeyCreateTLSContext(). */ - -int valkeyInitiateSSLWithContext(struct valkeyContext *c, valkeySSLContext *valkey_ssl_ctx); +int valkeyInitiateTLSWithContext(struct valkeyContext *c, valkeyTLSContext *valkey_tls_ctx); /** - * Initiate SSL/TLS negotiation on a provided OpenSSL SSL object. + * Initiate TLS negotiation on a provided OpenSSL SSL object. */ - -int valkeyInitiateSSL(struct valkeyContext *c, struct ssl_st *ssl); +int valkeyInitiateTLS(struct valkeyContext *c, struct ssl_st *ssl); #ifdef __cplusplus } #endif -#endif /* VALKEY_SSL_H */ +#endif /* VALKEY_TLS_H */ diff --git a/include/valkey/valkey.h b/include/valkey/valkey.h index 85c8a0d9..d6e4fc9c 100644 --- a/include/valkey/valkey.h +++ b/include/valkey/valkey.h @@ -156,8 +156,6 @@ enum valkeyConnectionType { VALKEY_CONN_MAX }; -struct valkeySsl; - #define VALKEY_OPT_NONBLOCK 0x01 #define VALKEY_OPT_REUSEADDR 0x02 #define VALKEY_OPT_NOAUTOFREE 0x04 /* Don't automatically free the async @@ -298,7 +296,7 @@ typedef struct valkeyContext { void (*free_privdata)(void *); /* Internal context pointer presently used by libvalkey to manage - * SSL connections. */ + * TLS connections. */ void *privctx; /* An optional RESP3 PUSH handler */ diff --git a/src/cluster.c b/src/cluster.c index 83336ac3..95a35dcf 100644 --- a/src/cluster.c +++ b/src/cluster.c @@ -1188,7 +1188,7 @@ static int cluster_update_route_by_addr(valkeyClusterContext *cc, goto error; } - if (cc->ssl && cc->ssl_init_fn(c, cc->ssl) != VALKEY_OK) { + if (cc->tls && cc->tls_init_fn(c, cc->tls) != VALKEY_OK) { valkeyClusterSetError(cc, c->err, c->errstr); goto error; } @@ -1774,7 +1774,7 @@ valkeyContext *valkeyClusterGetValkeyContext(valkeyClusterContext *cc, cc->on_connect(c, c->err ? VALKEY_ERR : VALKEY_OK); } - if (cc->ssl && cc->ssl_init_fn(c, cc->ssl) != VALKEY_OK) { + if (cc->tls && cc->tls_init_fn(c, cc->tls) != VALKEY_OK) { valkeyClusterSetError(cc, c->err, c->errstr); } @@ -1809,7 +1809,7 @@ valkeyContext *valkeyClusterGetValkeyContext(valkeyClusterContext *cc, return NULL; } - if (cc->ssl && cc->ssl_init_fn(c, cc->ssl) != VALKEY_OK) { + if (cc->tls && cc->tls_init_fn(c, cc->tls) != VALKEY_OK) { valkeyClusterSetError(cc, c->err, c->errstr); valkeyFree(c); return NULL; @@ -2885,8 +2885,8 @@ valkeyClusterGetValkeyAsyncContext(valkeyClusterAsyncContext *acc, return NULL; } - if (acc->cc->ssl && - acc->cc->ssl_init_fn(&ac->c, acc->cc->ssl) != VALKEY_OK) { + if (acc->cc->tls && + acc->cc->tls_init_fn(&ac->c, acc->cc->tls) != VALKEY_OK) { valkeyClusterAsyncSetError(acc, ac->c.err, ac->c.errstr); valkeyAsyncFree(ac); return NULL; diff --git a/src/cluster_ssl.c b/src/cluster_tls.c similarity index 86% rename from src/cluster_ssl.c rename to src/cluster_tls.c index 3c591e35..7a0df24b 100644 --- a/src/cluster_ssl.c +++ b/src/cluster_tls.c @@ -26,16 +26,16 @@ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ -#include "cluster_ssl.h" +#include "cluster_tls.h" -int valkeyClusterSetOptionEnableSSL(valkeyClusterContext *cc, - valkeySSLContext *ssl) { - if (cc == NULL || ssl == NULL) { +int valkeyClusterSetOptionEnableTLS(valkeyClusterContext *cc, + valkeyTLSContext *tls) { + if (cc == NULL || tls == NULL) { return VALKEY_ERR; } - cc->ssl = ssl; - cc->ssl_init_fn = &valkeyInitiateSSLWithContext; + cc->tls = tls; + cc->tls_init_fn = &valkeyInitiateTLSWithContext; return VALKEY_OK; } diff --git a/src/ssl.c b/src/tls.c similarity index 79% rename from src/ssl.c rename to src/tls.c index 0f0147e3..608bf8a1 100644 --- a/src/ssl.c +++ b/src/tls.c @@ -55,7 +55,7 @@ #include "win32.h" #include "async_private.h" -#include "ssl.h" +#include "tls.h" #include "valkey_private.h" #include @@ -63,16 +63,16 @@ #define OPENSSL_1_1_0 0x10100000L -struct valkeySSLContext { - /* Associated OpenSSL SSL_CTX as created by valkeyCreateSSLContext() */ +struct valkeyTLSContext { + /* Associated OpenSSL SSL_CTX as created by valkeyCreateTLSContext() */ SSL_CTX *ssl_ctx; /* Requested SNI, or NULL */ char *server_name; }; -/* The SSL connection context is attached to SSL/TLS connections as a privdata. */ -typedef struct valkeySSL { +/* The TLS connection context is attached to TLS connections as a privdata. */ +typedef struct valkeyTLS { /** * OpenSSL SSL object. */ @@ -92,10 +92,10 @@ typedef struct valkeySSL { * should resume whenever a read takes place, if possible */ int pendingWrite; -} valkeySSL; +} valkeyTLS; /* Forward declaration */ -static valkeyContextFuncs valkeyContextSSLFuncs; +static valkeyContextFuncs valkeyContextTLSFuncs; /** * OpenSSL global initialization and locking handling callbacks. @@ -175,33 +175,33 @@ int valkeyInitOpenSSL(void) { } /** - * valkeySSLContext helper context destruction. + * valkeyTLSContext helper context destruction. */ -const char *valkeySSLContextGetError(valkeySSLContextError error) { +const char *valkeyTLSContextGetError(valkeyTLSContextError error) { switch (error) { - case VALKEY_SSL_CTX_NONE: + case VALKEY_TLS_CTX_NONE: return "No Error"; - case VALKEY_SSL_CTX_CREATE_FAILED: + case VALKEY_TLS_CTX_CREATE_FAILED: return "Failed to create OpenSSL SSL_CTX"; - case VALKEY_SSL_CTX_CERT_KEY_REQUIRED: + case VALKEY_TLS_CTX_CERT_KEY_REQUIRED: return "Client cert and key must both be specified or skipped"; - case VALKEY_SSL_CTX_CA_CERT_LOAD_FAILED: + case VALKEY_TLS_CTX_CA_CERT_LOAD_FAILED: return "Failed to load CA Certificate or CA Path"; - case VALKEY_SSL_CTX_CLIENT_CERT_LOAD_FAILED: + case VALKEY_TLS_CTX_CLIENT_CERT_LOAD_FAILED: return "Failed to load client certificate"; - case VALKEY_SSL_CTX_PRIVATE_KEY_LOAD_FAILED: + case VALKEY_TLS_CTX_PRIVATE_KEY_LOAD_FAILED: return "Failed to load private key"; - case VALKEY_SSL_CTX_OS_CERTSTORE_OPEN_FAILED: + case VALKEY_TLS_CTX_OS_CERTSTORE_OPEN_FAILED: return "Failed to open system certificate store"; - case VALKEY_SSL_CTX_OS_CERT_ADD_FAILED: - return "Failed to add CA certificates obtained from system to the SSL context"; + case VALKEY_TLS_CTX_OS_CERT_ADD_FAILED: + return "Failed to add CA certificates obtained from system to the TLS context"; default: return "Unknown error code"; } } -void valkeyFreeSSLContext(valkeySSLContext *ctx) { +void valkeyFreeTLSContext(valkeyTLSContext *ctx) { if (!ctx) return; @@ -219,25 +219,25 @@ void valkeyFreeSSLContext(valkeySSLContext *ctx) { } /** - * valkeySSLContext helper context initialization. + * valkeyTLSContext helper context initialization. */ -valkeySSLContext *valkeyCreateSSLContext(const char *cacert_filename, const char *capath, +valkeyTLSContext *valkeyCreateTLSContext(const char *cacert_filename, const char *capath, const char *cert_filename, const char *private_key_filename, - const char *server_name, valkeySSLContextError *error) { - valkeySSLOptions options = { + const char *server_name, valkeyTLSContextError *error) { + valkeyTLSOptions options = { .cacert_filename = cacert_filename, .capath = capath, .cert_filename = cert_filename, .private_key_filename = private_key_filename, .server_name = server_name, - .verify_mode = VALKEY_SSL_VERIFY_PEER, + .verify_mode = VALKEY_TLS_VERIFY_PEER, }; - return valkeyCreateSSLContextWithOptions(&options, error); + return valkeyCreateTLSContextWithOptions(&options, error); } -valkeySSLContext *valkeyCreateSSLContextWithOptions(valkeySSLOptions *options, valkeySSLContextError *error) { +valkeyTLSContext *valkeyCreateTLSContextWithOptions(valkeyTLSOptions *options, valkeyTLSContextError *error) { const char *cacert_filename = options->cacert_filename; const char *capath = options->capath; const char *cert_filename = options->cert_filename; @@ -249,7 +249,7 @@ valkeySSLContext *valkeyCreateSSLContextWithOptions(valkeySSLOptions *options, v PCCERT_CONTEXT win_ctx = NULL; #endif - valkeySSLContext *ctx = vk_calloc(1, sizeof(valkeySSLContext)); + valkeyTLSContext *ctx = vk_calloc(1, sizeof(valkeyTLSContext)); if (ctx == NULL) goto error; @@ -263,7 +263,7 @@ valkeySSLContext *valkeyCreateSSLContextWithOptions(valkeySSLOptions *options, v ctx->ssl_ctx = SSL_CTX_new(ssl_method); if (!ctx->ssl_ctx) { if (error) - *error = VALKEY_SSL_CTX_CREATE_FAILED; + *error = VALKEY_TLS_CTX_CREATE_FAILED; goto error; } @@ -278,7 +278,7 @@ valkeySSLContext *valkeyCreateSSLContextWithOptions(valkeySSLOptions *options, v if ((cert_filename != NULL && private_key_filename == NULL) || (private_key_filename != NULL && cert_filename == NULL)) { if (error) - *error = VALKEY_SSL_CTX_CERT_KEY_REQUIRED; + *error = VALKEY_TLS_CTX_CERT_KEY_REQUIRED; goto error; } @@ -288,7 +288,7 @@ valkeySSLContext *valkeyCreateSSLContextWithOptions(valkeySSLOptions *options, v win_store = CertOpenSystemStore(NULL, "Root"); if (!win_store) { if (error) - *error = VALKEY_SSL_CTX_OS_CERTSTORE_OPEN_FAILED; + *error = VALKEY_TLS_CTX_OS_CERTSTORE_OPEN_FAILED; goto error; } X509_STORE *store = SSL_CTX_get_cert_store(ctx->ssl_ctx); @@ -299,7 +299,7 @@ valkeySSLContext *valkeyCreateSSLContextWithOptions(valkeySSLOptions *options, v if ((1 != X509_STORE_add_cert(store, x509)) || (1 != SSL_CTX_add_client_CA(ctx->ssl_ctx, x509))) { if (error) - *error = VALKEY_SSL_CTX_OS_CERT_ADD_FAILED; + *error = VALKEY_TLS_CTX_OS_CERT_ADD_FAILED; goto error; } X509_free(x509); @@ -311,13 +311,13 @@ valkeySSLContext *valkeyCreateSSLContextWithOptions(valkeySSLOptions *options, v #endif if (!SSL_CTX_load_verify_locations(ctx->ssl_ctx, cacert_filename, capath)) { if (error) - *error = VALKEY_SSL_CTX_CA_CERT_LOAD_FAILED; + *error = VALKEY_TLS_CTX_CA_CERT_LOAD_FAILED; goto error; } } else { if (!SSL_CTX_set_default_verify_paths(ctx->ssl_ctx)) { if (error) - *error = VALKEY_SSL_CTX_CLIENT_DEFAULT_CERT_FAILED; + *error = VALKEY_TLS_CTX_CLIENT_DEFAULT_CERT_FAILED; goto error; } } @@ -325,12 +325,12 @@ valkeySSLContext *valkeyCreateSSLContextWithOptions(valkeySSLOptions *options, v if (cert_filename) { if (!SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx, cert_filename)) { if (error) - *error = VALKEY_SSL_CTX_CLIENT_CERT_LOAD_FAILED; + *error = VALKEY_TLS_CTX_CLIENT_CERT_LOAD_FAILED; goto error; } if (!SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, private_key_filename, SSL_FILETYPE_PEM)) { if (error) - *error = VALKEY_SSL_CTX_PRIVATE_KEY_LOAD_FAILED; + *error = VALKEY_TLS_CTX_PRIVATE_KEY_LOAD_FAILED; goto error; } } @@ -345,21 +345,21 @@ valkeySSLContext *valkeyCreateSSLContextWithOptions(valkeySSLOptions *options, v CertFreeCertificateContext(win_ctx); CertCloseStore(win_store, 0); #endif - valkeyFreeSSLContext(ctx); + valkeyFreeTLSContext(ctx); return NULL; } /** - * SSL Connection initialization. + * TLS Connection initialization. */ -static int valkeySSLConnect(valkeyContext *c, SSL *ssl) { +static int valkeyTLSConnect(valkeyContext *c, SSL *ssl) { if (c->privctx) { valkeySetError(c, VALKEY_ERR_OTHER, "valkeyContext was already associated"); return VALKEY_ERR; } - valkeySSL *rssl = vk_calloc(1, sizeof(valkeySSL)); + valkeyTLS *rssl = vk_calloc(1, sizeof(valkeyTLS)); if (rssl == NULL) { valkeySetError(c, VALKEY_ERR_OOM, "Out of memory"); return VALKEY_ERR; @@ -375,7 +375,7 @@ static int valkeySSLConnect(valkeyContext *c, SSL *ssl) { int rv = SSL_connect(rssl->ssl); if (rv == 1) { - c->funcs = &valkeyContextSSLFuncs; + c->funcs = &valkeyContextTLSFuncs; c->privctx = rssl; return VALKEY_OK; } @@ -383,7 +383,7 @@ static int valkeySSLConnect(valkeyContext *c, SSL *ssl) { rv = SSL_get_error(rssl->ssl, rv); if (((c->flags & VALKEY_BLOCK) == 0) && (rv == SSL_ERROR_WANT_READ || rv == SSL_ERROR_WANT_WRITE)) { - c->funcs = &valkeyContextSSLFuncs; + c->funcs = &valkeyContextTLSFuncs; c->privctx = rssl; return VALKEY_OK; } @@ -405,43 +405,43 @@ static int valkeySSLConnect(valkeyContext *c, SSL *ssl) { } /** - * A wrapper around valkeySSLConnect() for users who manage their own context and - * create their own SSL object. + * A wrapper around valkeyTLSConnect() for users who manage their own context and + * create their own OpenSSL SSL object. */ -int valkeyInitiateSSL(valkeyContext *c, SSL *ssl) { - return valkeySSLConnect(c, ssl); +int valkeyInitiateTLS(valkeyContext *c, SSL *ssl) { + return valkeyTLSConnect(c, ssl); } /** - * A wrapper around valkeySSLConnect() for users who use valkeySSLContext and don't - * manage their own SSL objects. + * A wrapper around valkeyTLSConnect() for users who use valkeyTLSContext and don't + * manage their own OpenSSL SSL objects. */ -int valkeyInitiateSSLWithContext(valkeyContext *c, valkeySSLContext *valkey_ssl_ctx) { - if (!c || !valkey_ssl_ctx) +int valkeyInitiateTLSWithContext(valkeyContext *c, valkeyTLSContext *valkey_tls_ctx) { + if (!c || !valkey_tls_ctx) return VALKEY_ERR; - /* We want to verify that valkeySSLConnect() won't fail on this, as it will - * not own the SSL object in that case and we'll end up leaking. + /* We want to verify that valkeyTLSConnect() won't fail on this, as it will + * not own the OpenSSL SSL object in that case and we'll end up leaking. */ if (c->privctx) return VALKEY_ERR; - SSL *ssl = SSL_new(valkey_ssl_ctx->ssl_ctx); + SSL *ssl = SSL_new(valkey_tls_ctx->ssl_ctx); if (!ssl) { - valkeySetError(c, VALKEY_ERR_OTHER, "Couldn't create new SSL instance"); + valkeySetError(c, VALKEY_ERR_OTHER, "Couldn't create new TLS instance"); goto error; } - if (valkey_ssl_ctx->server_name) { - if (!SSL_set_tlsext_host_name(ssl, valkey_ssl_ctx->server_name)) { + if (valkey_tls_ctx->server_name) { + if (!SSL_set_tlsext_host_name(ssl, valkey_tls_ctx->server_name)) { valkeySetError(c, VALKEY_ERR_OTHER, "Failed to set server_name/SNI"); goto error; } } - if (valkeySSLConnect(c, ssl) != VALKEY_OK) { + if (valkeyTLSConnect(c, ssl) != VALKEY_OK) { goto error; } @@ -453,7 +453,7 @@ int valkeyInitiateSSLWithContext(valkeyContext *c, valkeySSLContext *valkey_ssl_ return VALKEY_ERR; } -static int maybeCheckWant(valkeySSL *rssl, int rv) { +static int maybeCheckWant(valkeyTLS *rssl, int rv) { /** * If the error is WANT_READ or WANT_WRITE, the appropriate flags are set * and true is returned. False is returned otherwise @@ -470,11 +470,11 @@ static int maybeCheckWant(valkeySSL *rssl, int rv) { } /** - * Implementation of valkeyContextFuncs for SSL connections. + * Implementation of valkeyContextFuncs for TLS connections. */ -static void valkeySSLFree(void *privctx) { - valkeySSL *rsc = privctx; +static void valkeyTLSFree(void *privctx) { + valkeyTLS *rsc = privctx; if (!rsc) return; @@ -485,8 +485,8 @@ static void valkeySSLFree(void *privctx) { vk_free(rsc); } -static ssize_t valkeySSLRead(valkeyContext *c, char *buf, size_t bufcap) { - valkeySSL *rssl = c->privctx; +static ssize_t valkeyTLSRead(valkeyContext *c, char *buf, size_t bufcap) { + valkeyTLS *rssl = c->privctx; int nread = SSL_read(rssl->ssl, buf, bufcap); if (nread > 0) { @@ -527,8 +527,8 @@ static ssize_t valkeySSLRead(valkeyContext *c, char *buf, size_t bufcap) { } } -static ssize_t valkeySSLWrite(valkeyContext *c) { - valkeySSL *rssl = c->privctx; +static ssize_t valkeyTLSWrite(valkeyContext *c) { + valkeyTLS *rssl = c->privctx; size_t len = rssl->lastLen ? rssl->lastLen : sdslen(c->obuf); int rv = SSL_write(rssl->ssl, c->obuf, len); @@ -549,9 +549,9 @@ static ssize_t valkeySSLWrite(valkeyContext *c) { return rv; } -static void valkeySSLAsyncRead(valkeyAsyncContext *ac) { +static void valkeyTLSAsyncRead(valkeyAsyncContext *ac) { int rv; - valkeySSL *rssl = ac->c.privctx; + valkeyTLS *rssl = ac->c.privctx; valkeyContext *c = &ac->c; rssl->wantRead = 0; @@ -579,9 +579,9 @@ static void valkeySSLAsyncRead(valkeyAsyncContext *ac) { } } -static void valkeySSLAsyncWrite(valkeyAsyncContext *ac) { +static void valkeyTLSAsyncWrite(valkeyAsyncContext *ac) { int rv, done = 0; - valkeySSL *rssl = ac->c.privctx; + valkeyTLS *rssl = ac->c.privctx; valkeyContext *c = &ac->c; rssl->pendingWrite = 0; @@ -609,13 +609,13 @@ static void valkeySSLAsyncWrite(valkeyAsyncContext *ac) { _EL_ADD_READ(ac); } -static valkeyContextFuncs valkeyContextSSLFuncs = { +static valkeyContextFuncs valkeyContextTLSFuncs = { .connect = valkeyContextConnectTcp, .close = valkeyNetClose, - .free_privctx = valkeySSLFree, - .async_read = valkeySSLAsyncRead, - .async_write = valkeySSLAsyncWrite, - .read = valkeySSLRead, - .write = valkeySSLWrite, + .free_privctx = valkeyTLSFree, + .async_read = valkeyTLSAsyncRead, + .async_write = valkeyTLSAsyncWrite, + .read = valkeyTLSRead, + .write = valkeyTLSWrite, .set_timeout = valkeyTcpSetTimeout, }; diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 5f57595c..e8ddcec0 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -1,10 +1,10 @@ SET(TEST_WITH_VALKEY_VERSION "7.2.5" CACHE STRING "Valkey version used when running tests.") -if(ENABLE_SSL) - # Generate SSL certs and keys when needed - set(SSL_CONFIGS ca.crt ca.key ca.txt valkey.crt valkey.key client.crt client.key) +if(ENABLE_TLS) + # Generate TLS certs and keys when needed + set(TLS_CONFIGS ca.crt ca.key ca.txt valkey.crt valkey.key client.crt client.key) add_custom_command( - OUTPUT ${SSL_CONFIGS} + OUTPUT ${TLS_CONFIGS} COMMAND openssl genrsa -out ca.key 4096 COMMAND openssl req -x509 -new -nodes -sha256 -key ca.key -days 3650 -subj '/CN=Valkey Test CA' -out ca.crt COMMAND openssl genrsa -out valkey.key 2048 @@ -12,8 +12,8 @@ if(ENABLE_SSL) COMMAND openssl genrsa -out client.key 2048 COMMAND openssl req -new -sha256 -key client.key -subj '/CN=Valkey Client Test Cert' | openssl x509 -req -sha256 -CA ca.crt -CAkey ca.key -CAserial ca.txt -CAcreateserial -days 365 -out client.crt ) - add_custom_target(generate_tls_configs DEPENDS ${SSL_CONFIGS}) - set(SSL_LIBRARY valkey_ssl) + add_custom_target(generate_tls_configs DEPENDS ${TLS_CONFIGS}) + set(TLS_LIBRARY valkey_tls) endif() if(ENABLE_IPV6_TESTS) @@ -64,9 +64,9 @@ endif() add_executable(client_test client_test.c) target_include_directories(client_test PRIVATE "${PROJECT_SOURCE_DIR}/src") target_link_libraries(client_test valkey) -if(SSL_LIBRARY) - target_compile_definitions(client_test PUBLIC VALKEY_TEST_SSL=1) - target_link_libraries(client_test ${SSL_LIBRARY}) +if(TLS_LIBRARY) + target_compile_definitions(client_test PUBLIC VALKEY_TEST_TLS=1) + target_link_libraries(client_test ${TLS_LIBRARY}) endif() if(LIBEVENT_LIBRARY) target_compile_definitions(client_test PUBLIC VALKEY_TEST_ASYNC=1) @@ -76,8 +76,8 @@ add_test(NAME client_test COMMAND "${CMAKE_CURRENT_SOURCE_DIR}/test.sh") if(TEST_WITH_REDIS_VERSION) set_property(TEST client_test PROPERTY ENVIRONMENT "VALKEY_SERVER=redis-server") endif() -if(SSL_LIBRARY) - set_property(TEST client_test PROPERTY ENVIRONMENT "TEST_SSL=1") +if(TLS_LIBRARY) + set_property(TEST client_test PROPERTY ENVIRONMENT "TEST_TLS=1") endif() if(ENABLE_RDMA) target_compile_definitions(client_test PUBLIC VALKEY_TEST_RDMA=1) @@ -88,44 +88,44 @@ endif() # Add cluster tests if we have libevent if (LIBEVENT_LIBRARY) add_executable(ct_async ct_async.c) - target_link_libraries(ct_async valkey ${SSL_LIBRARY} ${LIBEVENT_LIBRARY}) + target_link_libraries(ct_async valkey ${TLS_LIBRARY} ${LIBEVENT_LIBRARY}) add_test(NAME ct_async COMMAND "$") add_executable(ct_commands ct_commands.c test_utils.c) - target_link_libraries(ct_commands valkey ${SSL_LIBRARY}) + target_link_libraries(ct_commands valkey ${TLS_LIBRARY}) add_test(NAME ct_commands COMMAND "$") add_executable(ct_connection ct_connection.c test_utils.c) - target_link_libraries(ct_connection valkey ${SSL_LIBRARY} ${LIBEVENT_LIBRARY}) + target_link_libraries(ct_connection valkey ${TLS_LIBRARY} ${LIBEVENT_LIBRARY}) add_test(NAME ct_connection COMMAND "$") add_executable(ct_pipeline ct_pipeline.c) - target_link_libraries(ct_pipeline valkey ${SSL_LIBRARY} ${LIBEVENT_LIBRARY}) + target_link_libraries(ct_pipeline valkey ${TLS_LIBRARY} ${LIBEVENT_LIBRARY}) add_test(NAME ct_pipeline COMMAND "$") add_executable(ct_connection_ipv6 ct_connection_ipv6.c) - target_link_libraries(ct_connection_ipv6 valkey ${SSL_LIBRARY} ${LIBEVENT_LIBRARY}) + target_link_libraries(ct_connection_ipv6 valkey ${TLS_LIBRARY} ${LIBEVENT_LIBRARY}) add_test(NAME ct_connection_ipv6 COMMAND "$") if(NOT ENABLE_IPV6_TESTS) set_tests_properties(ct_connection_ipv6 PROPERTIES DISABLED True) endif() add_executable(ct_out_of_memory_handling ct_out_of_memory_handling.c) - target_link_libraries(ct_out_of_memory_handling valkey ${SSL_LIBRARY} ${LIBEVENT_LIBRARY}) + target_link_libraries(ct_out_of_memory_handling valkey ${TLS_LIBRARY} ${LIBEVENT_LIBRARY}) add_test(NAME ct_out_of_memory_handling COMMAND "$") add_executable(ct_specific_nodes ct_specific_nodes.c test_utils.c) - target_link_libraries(ct_specific_nodes valkey ${SSL_LIBRARY} ${LIBEVENT_LIBRARY}) + target_link_libraries(ct_specific_nodes valkey ${TLS_LIBRARY} ${LIBEVENT_LIBRARY}) add_test(NAME ct_specific_nodes COMMAND "$") add_executable(ut_parse_cmd ut_parse_cmd.c test_utils.c) target_include_directories(ut_parse_cmd PRIVATE "${PROJECT_SOURCE_DIR}/src") - target_link_libraries(ut_parse_cmd valkey ${SSL_LIBRARY}) + target_link_libraries(ut_parse_cmd valkey ${TLS_LIBRARY}) add_test(NAME ut_parse_cmd COMMAND "$") if(LIBUV_LIBRARY) add_executable(ct_async_libuv ct_async_libuv.c) - target_link_libraries(ct_async_libuv valkey ${SSL_LIBRARY} ${LIBUV_LIBRARY}) + target_link_libraries(ct_async_libuv valkey ${TLS_LIBRARY} ${LIBUV_LIBRARY}) add_test(NAME ct_async_libuv COMMAND "$") else() add_test(NAME ct_async_libuv COMMAND "") @@ -134,7 +134,7 @@ if (LIBEVENT_LIBRARY) if(LIBEV_LIBRARY) add_executable(ct_async_libev ct_async_libev.c) - target_link_libraries(ct_async_libev valkey ${SSL_LIBRARY} ${LIBEV_LIBRARY}) + target_link_libraries(ct_async_libev valkey ${TLS_LIBRARY} ${LIBEV_LIBRARY}) add_test(NAME ct_async_libev COMMAND "$") else() add_test(NAME ct_async_libev COMMAND "") @@ -143,7 +143,7 @@ if (LIBEVENT_LIBRARY) if(GLIB_LIBRARY_FOUND) add_executable(ct_async_glib ct_async_glib.c) - target_link_libraries(ct_async_glib valkey ${SSL_LIBRARY} PkgConfig::GLIB_LIBRARY) + target_link_libraries(ct_async_glib valkey ${TLS_LIBRARY} PkgConfig::GLIB_LIBRARY) add_test(NAME ct_async_glib COMMAND "$") else() add_test(NAME ct_async_glib COMMAND "") @@ -152,11 +152,11 @@ if (LIBEVENT_LIBRARY) # Tests using simulated Valkey node add_executable(clusterclient clusterclient.c) - target_link_libraries(clusterclient valkey ${SSL_LIBRARY}) + target_link_libraries(clusterclient valkey ${TLS_LIBRARY}) add_executable(clusterclient_async clusterclient_async.c) - target_link_libraries(clusterclient_async valkey ${SSL_LIBRARY} ${LIBEVENT_LIBRARY}) + target_link_libraries(clusterclient_async valkey ${TLS_LIBRARY} ${LIBEVENT_LIBRARY}) add_executable(clusterclient_reconnect_async clusterclient_reconnect_async.c) - target_link_libraries(clusterclient_reconnect_async valkey ${SSL_LIBRARY} ${LIBEVENT_LIBRARY}) + target_link_libraries(clusterclient_reconnect_async valkey ${TLS_LIBRARY} ${LIBEVENT_LIBRARY}) add_test(NAME set-get-test COMMAND "${CMAKE_SOURCE_DIR}/tests/scripts/set-get-test.sh" "$" diff --git a/tests/client_test.c b/tests/client_test.c index 5d411a83..b5c2e822 100644 --- a/tests/client_test.c +++ b/tests/client_test.c @@ -25,8 +25,8 @@ #include #include #include -#ifdef VALKEY_TEST_SSL -#include "ssl.h" +#ifdef VALKEY_TEST_TLS +#include "tls.h" #endif #ifdef VALKEY_TEST_RDMA #include "rdma.h" @@ -41,7 +41,7 @@ enum connection_type { CONN_TCP, CONN_UNIX, CONN_FD, - CONN_SSL, + CONN_TLS, CONN_RDMA }; @@ -64,7 +64,7 @@ struct config { const char *ca_cert; const char *cert; const char *key; - } ssl; + } tls; struct { const char *host; @@ -83,8 +83,8 @@ struct pushCounters { static int insecure_calloc_calls; -#ifdef VALKEY_TEST_SSL -valkeySSLContext *_ssl_ctx = NULL; +#ifdef VALKEY_TEST_TLS +valkeyTLSContext *_tls_ctx = NULL; #endif /* The following lines make up our testing "framework" :) */ @@ -246,11 +246,11 @@ static int disconnect(valkeyContext *c, int keep_fd) { return -1; } -static void do_ssl_handshake(valkeyContext *c) { -#ifdef VALKEY_TEST_SSL - valkeyInitiateSSLWithContext(c, _ssl_ctx); +static void do_tls_handshake(valkeyContext *c) { +#ifdef VALKEY_TEST_TLS + valkeyInitiateTLSWithContext(c, _tls_ctx); if (c->err) { - printf("SSL error: %s\n", c->errstr); + printf("TLS error: %s\n", c->errstr); valkeyFree(c); exit(1); } @@ -264,8 +264,8 @@ static valkeyContext *do_connect(struct config config) { if (config.type == CONN_TCP) { c = valkeyConnect(config.tcp.host, config.tcp.port); - } else if (config.type == CONN_SSL) { - c = valkeyConnect(config.ssl.host, config.ssl.port); + } else if (config.type == CONN_TLS) { + c = valkeyConnect(config.tls.host, config.tls.port); } else if (config.type == CONN_UNIX) { c = valkeyConnectUnix(config.unix_sock.path); #ifdef VALKEY_TEST_RDMA @@ -295,8 +295,8 @@ static valkeyContext *do_connect(struct config config) { exit(1); } - if (config.type == CONN_SSL) { - do_ssl_handshake(c); + if (config.type == CONN_TLS) { + do_tls_handshake(c); } return select_database(c); @@ -305,8 +305,8 @@ static valkeyContext *do_connect(struct config config) { static void do_reconnect(valkeyContext *c, struct config config) { valkeyReconnect(c); - if (config.type == CONN_SSL) { - do_ssl_handshake(c); + if (config.type == CONN_TLS) { + do_tls_handshake(c); } } @@ -1458,7 +1458,7 @@ static void test_invalid_timeout_errors(struct config config) { config.connect_timeout.tv_sec = 0; config.connect_timeout.tv_usec = 10000001; - if (config.type == CONN_TCP || config.type == CONN_SSL) { + if (config.type == CONN_TCP || config.type == CONN_TLS) { c = valkeyConnectWithTimeout(config.tcp.host, config.tcp.port, config.connect_timeout); } else if (config.type == CONN_UNIX) { c = valkeyConnectUnixWithTimeout(config.unix_sock.path, config.connect_timeout); @@ -1481,7 +1481,7 @@ static void test_invalid_timeout_errors(struct config config) { config.connect_timeout.tv_sec = (((LONG_MAX)-999) / 1000) + 1; config.connect_timeout.tv_usec = 0; - if (config.type == CONN_TCP || config.type == CONN_SSL) { + if (config.type == CONN_TCP || config.type == CONN_TLS) { c = valkeyConnectWithTimeout(config.tcp.host, config.tcp.port, config.connect_timeout); } else if (config.type == CONN_UNIX) { c = valkeyConnectUnixWithTimeout(config.unix_sock.path, config.connect_timeout); @@ -2145,10 +2145,10 @@ static valkeyAsyncContext *do_aconnect(struct config config, astest_no testno) { options.type = VALKEY_CONN_TCP; options.connect_timeout = &config.connect_timeout; VALKEY_OPTIONS_SET_TCP(&options, config.tcp.host, config.tcp.port); - } else if (config.type == CONN_SSL) { + } else if (config.type == CONN_TLS) { options.type = VALKEY_CONN_TCP; options.connect_timeout = &config.connect_timeout; - VALKEY_OPTIONS_SET_TCP(&options, config.ssl.host, config.ssl.port); + VALKEY_OPTIONS_SET_TCP(&options, config.tls.host, config.tls.port); } else if (config.type == CONN_UNIX) { options.type = VALKEY_CONN_UNIX; options.endpoint.unix_socket = config.unix_sock.path; @@ -2206,7 +2206,7 @@ static void test_async_polling(struct config config) { assert(astest.ac == NULL); test_cond(astest.disconnect_status == VALKEY_OK); - if (config.type == CONN_TCP || config.type == CONN_SSL) { + if (config.type == CONN_TCP || config.type == CONN_TLS) { /* timeout can only be simulated with network */ test("Async connect timeout: "); config.tcp.host = "192.168.254.254"; /* blackhole ip */ @@ -2238,7 +2238,7 @@ static void test_async_polling(struct config config) { test_cond(astest.pongs == 1); /* Test a ping/pong after connection that didn't time out. */ - if (config.type == CONN_TCP || config.type == CONN_SSL) { + if (config.type == CONN_TCP || config.type == CONN_TLS) { test("Async PING/PONG after connect timeout: "); config.connect_timeout.tv_usec = 10000; /* 10ms */ c = do_aconnect(config, ASTEST_PINGPONG_TIMEOUT); @@ -2312,27 +2312,27 @@ int main(int argc, char **argv) { test_inherit_fd = 0; } else if (argc >= 1 && !strcmp(argv[0], "--skips-as-fails")) { skips_as_fails = 1; -#ifdef VALKEY_TEST_SSL - } else if (argc >= 2 && !strcmp(argv[0], "--ssl-port")) { +#ifdef VALKEY_TEST_TLS + } else if (argc >= 2 && !strcmp(argv[0], "--tls-port")) { argv++; argc--; - cfg.ssl.port = atoi(argv[0]); - } else if (argc >= 2 && !strcmp(argv[0], "--ssl-host")) { + cfg.tls.port = atoi(argv[0]); + } else if (argc >= 2 && !strcmp(argv[0], "--tls-host")) { argv++; argc--; - cfg.ssl.host = argv[0]; - } else if (argc >= 2 && !strcmp(argv[0], "--ssl-ca-cert")) { + cfg.tls.host = argv[0]; + } else if (argc >= 2 && !strcmp(argv[0], "--tls-ca-cert")) { argv++; argc--; - cfg.ssl.ca_cert = argv[0]; - } else if (argc >= 2 && !strcmp(argv[0], "--ssl-cert")) { + cfg.tls.ca_cert = argv[0]; + } else if (argc >= 2 && !strcmp(argv[0], "--tls-cert")) { argv++; argc--; - cfg.ssl.cert = argv[0]; - } else if (argc >= 2 && !strcmp(argv[0], "--ssl-key")) { + cfg.tls.cert = argv[0]; + } else if (argc >= 2 && !strcmp(argv[0], "--tls-key")) { argv++; argc--; - cfg.ssl.key = argv[0]; + cfg.tls.key = argv[0]; #endif #ifdef VALKEY_TEST_RDMA } else if (argc >= 1 && !strcmp(argv[0], "--rdma-addr")) { @@ -2392,15 +2392,15 @@ int main(int argc, char **argv) { test_skipped(); } -#ifdef VALKEY_TEST_SSL - if (cfg.ssl.port && cfg.ssl.host) { +#ifdef VALKEY_TEST_TLS + if (cfg.tls.port && cfg.tls.host) { valkeyInitOpenSSL(); - _ssl_ctx = valkeyCreateSSLContext(cfg.ssl.ca_cert, NULL, cfg.ssl.cert, cfg.ssl.key, NULL, NULL); - assert(_ssl_ctx != NULL); + _tls_ctx = valkeyCreateTLSContext(cfg.tls.ca_cert, NULL, cfg.tls.cert, cfg.tls.key, NULL, NULL); + assert(_tls_ctx != NULL); - printf("\nTesting against SSL connection (%s:%d):\n", cfg.ssl.host, cfg.ssl.port); - cfg.type = CONN_SSL; + printf("\nTesting against TLS connection (%s:%d):\n", cfg.tls.host, cfg.tls.port); + cfg.type = CONN_TLS; test_blocking_connection(cfg); test_blocking_connection_timeouts(cfg); @@ -2410,8 +2410,8 @@ int main(int argc, char **argv) { if (throughput) test_throughput(cfg); - valkeyFreeSSLContext(_ssl_ctx); - _ssl_ctx = NULL; + valkeyFreeTLSContext(_tls_ctx); + _tls_ctx = NULL; } #endif diff --git a/tests/test.sh b/tests/test.sh index e5021871..8d8a1c4f 100755 --- a/tests/test.sh +++ b/tests/test.sh @@ -9,11 +9,11 @@ check_executable() { VALKEY_SERVER=${VALKEY_SERVER:-valkey-server} VALKEY_PORT=${VALKEY_PORT:-56379} -VALKEY_SSL_PORT=${VALKEY_SSL_PORT:-56443} -TEST_SSL=${TEST_SSL:-0} +VALKEY_TLS_PORT=${VALKEY_TLS_PORT:-56443} +TEST_TLS=${TEST_TLS:-0} SKIPS_AS_FAILS=${SKIPS_AS_FAILS:-0} ENABLE_DEBUG_CMD= -SSL_TEST_ARGS= +TLS_TEST_ARGS= SKIPS_ARG=${SKIPS_ARG:-} VALKEY_DOCKER=${VALKEY_DOCKER:-} TEST_RDMA=${TEST_RDMA:-0} @@ -32,34 +32,34 @@ PID_FILE=${tmpdir}/libvalkey-test-valkey.pid SOCK_FILE=${tmpdir}/libvalkey-test-valkey.sock CONF_FILE=${tmpdir}/valkey.conf -if [ "$TEST_SSL" = "1" ]; then - SSL_CA_CERT=${tmpdir}/ca.crt - SSL_CA_KEY=${tmpdir}/ca.key - SSL_CERT=${tmpdir}/valkey.crt - SSL_KEY=${tmpdir}/valkey.key +if [ "$TEST_TLS" = "1" ]; then + TLS_CA_CERT=${tmpdir}/ca.crt + TLS_CA_KEY=${tmpdir}/ca.key + TLS_CERT=${tmpdir}/valkey.crt + TLS_KEY=${tmpdir}/valkey.key openssl genrsa -out ${tmpdir}/ca.key 4096 openssl req \ -x509 -new -nodes -sha256 \ - -key ${SSL_CA_KEY} \ + -key ${TLS_CA_KEY} \ -days 3650 \ -subj '/CN=Libvalkey Test CA' \ - -out ${SSL_CA_CERT} - openssl genrsa -out ${SSL_KEY} 2048 + -out ${TLS_CA_CERT} + openssl genrsa -out ${TLS_KEY} 2048 openssl req \ -new -sha256 \ - -key ${SSL_KEY} \ + -key ${TLS_KEY} \ -subj '/CN=Libvalkey Test Cert' | \ openssl x509 \ -req -sha256 \ - -CA ${SSL_CA_CERT} \ - -CAkey ${SSL_CA_KEY} \ + -CA ${TLS_CA_CERT} \ + -CAkey ${TLS_CA_KEY} \ -CAserial ${tmpdir}/ca.txt \ -CAcreateserial \ -days 365 \ - -out ${SSL_CERT} + -out ${TLS_CERT} - SSL_TEST_ARGS="--ssl-host 127.0.0.1 --ssl-port ${VALKEY_SSL_PORT} --ssl-ca-cert ${SSL_CA_CERT} --ssl-cert ${SSL_CERT} --ssl-key ${SSL_KEY}" + TLS_TEST_ARGS="--tls-host 127.0.0.1 --tls-port ${VALKEY_TLS_PORT} --tls-ca-cert ${TLS_CA_CERT} --tls-cert ${TLS_CERT} --tls-key ${TLS_KEY}" fi cleanup() { @@ -90,13 +90,13 @@ bind 127.0.0.1 EOF fi -# if doing ssl, add these -if [ "$TEST_SSL" = "1" ]; then +# if doing tls, add these +if [ "$TEST_TLS" = "1" ]; then cat >> ${CONF_FILE} <