Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Python Wrapper - Support TLS insecure #3375

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Python Wrapper - Support TLS insecure #3375

wants to merge 2 commits into from

Conversation

GilboaAWS
Copy link
Collaborator

Expose TlsMode::Insecure client option for the python wrapper using advanced config.

TLS state defaults to secured. When using this option, the client will bypass certificate verification, allowing connections to Valkey/Redis instances with self-signed or otherwise unauthorized certificates. This option is intended for local development or testing environments where a valid certificate may not be available. It is not recommended for production use, as disabling certificate validation exposes the connection to potential security risks such as man-in-the-middle attacks.

@GilboaAWS GilboaAWS added the python Python wrapper label Mar 17, 2025
@GilboaAWS GilboaAWS requested a review from barshaul March 17, 2025 15:21
@GilboaAWS GilboaAWS requested a review from a team as a code owner March 17, 2025 15:21
Yury-Fridlyand
Yury-Fridlyand reviewed Mar 17, 2025
View reviewed changes
Copy link
Collaborator

@Yury-Fridlyand Yury-Fridlyand left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please test this and fix CI

python/python/glide/config.py
@@ -479,6 +506,8 @@ class GlideClusterClientConfiguration(BaseClientConfiguration):
]

use_tls (bool): True if communication with the cluster should use Transport Level Security.
If you need to configure an insecure TLS setup (for example, bypassing certificate validation),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can change use_tls from bool to union of bool and enum. So TLS configuration will have the same (and the only) entry point without breaking changes

@Yury-Fridlyand Yury-Fridlyand mentioned this pull request Mar 17, 2025
Open
5 tasks
@GilboaAWS GilboaAWS force-pushed the expose_tls_insecure branch from d7c7e3a to 0b458f2 Compare March 18, 2025 09:56
@GilboaAWS GilboaAWS force-pushed the expose_tls_insecure branch from 0b458f2 to 103d782 Compare March 18, 2025 09:57
@GilboaAWS GilboaAWS requested a review from ikolomi March 18, 2025 12:13
@GilboaAWS GilboaAWS marked this pull request as draft March 23, 2025 10:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Yury-Fridlyand Yury-Fridlyand Yury-Fridlyand left review comments

@barshaul barshaul Awaiting requested review from barshaul

@ikolomi ikolomi Awaiting requested review from ikolomi

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
python Python wrapper
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@GilboaAWS @Yury-Fridlyand