mirror of https://github.com/redis/redis.git
This PR implements support for automatic client authentication based on a field in the client's TLS certificate. We adopt ValKey’s PR: https://github.com/valkey-io/valkey/pull/1920

API Changes:

Add New configuration tls-auth-clients-user
- Allowed values: `off` (default), `CN`.
- `off` – disable TLS certificate–based auto-authentication.
- `CN` – derive the ACL username from the Common Name (CN) field of the client certificate.

New INFO stat
- `acl_access_denied_tls_cert`
- Counts failed TLS certificate–based authentication attempts, i.e. TLS connections where a client certificate was presented, a username was derived from it, but no matching ACL user was found.

New ACL LOG reason
- Reason string: `"tls-cert"`
- Emitted when a client certificate’s Common Name fails to match any existing ACL user.

Implementation Details:
- Added getCertFieldByName() utility to extract fields from peer certificates.
- Added autoAuthenticateClientFromCert() to handle automatic login logic post-handshake.
- Integrated automatic authentication into the TLSAccept function after handshake completion.
- Updated test suite (tests/integration/tls.tcl) to validate the feature.

||
|---|---|---|
| cluster | ||
| moduleapi | ||
| type | ||
| acl-v2.tcl | ||
| acl.tcl | ||
| aofrw.tcl | ||
| auth.tcl | ||
| bitfield.tcl | ||
| bitops.tcl | ||
| client-eviction.tcl | ||
| dump.tcl | ||
| expire.tcl | ||
| functions.tcl | ||
| geo.tcl | ||
| hyperloglog.tcl | ||
| info-command.tcl | ||
| info-keysizes.tcl | ||
| info.tcl | ||
| introspection-2.tcl | ||
| introspection.tcl | ||
| keyspace.tcl | ||
| latency-monitor.tcl | ||
| lazyfree.tcl | ||
| limits.tcl | ||
| maxmemory.tcl | ||
| memefficiency.tcl | ||
| multi.tcl | ||
| networking.tcl | ||
| obuf-limits.tcl | ||
| oom-score-adj.tcl | ||
| other.tcl | ||
| pause.tcl | ||
| printver.tcl | ||
| protocol.tcl | ||
| pubsub.tcl | ||
| pubsubshard.tcl | ||
| querybuf.tcl | ||
| quit.tcl | ||
| replybufsize.tcl | ||
| scan.tcl | ||
| scripting.tcl | ||
| shutdown.tcl | ||
| slowlog.tcl | ||
| sort.tcl | ||
| tls.tcl | ||
| tracking.tcl | ||
| violations.tcl | ||
| wait.tcl | ||