Skip to content

feat(server): add TLS cert info (CN, issue/expiry dates) to INFO server #6434

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
BenjaminGoehry wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat(server): add TLS cert info (CN, issue/expiry dates) to INFO server #6434

BenjaminGoehry wants to merge 2 commits into from
+78 −0

Conversation

@BenjaminGoehry
Copy link

@BenjaminGoehry BenjaminGoehry commented Jan 21, 2026

Closes #3292

@BenjaminGoehry
Copy link
Author

BenjaminGoehry commented Jan 21, 2026

image

@BenjaminGoehry BenjaminGoehry force-pushed the tls_info branch 2 times, most recently from 165f4de to b36de44 Compare January 21, 2026 16:18
@BenjaminGoehry BenjaminGoehry marked this pull request as ready for review January 21, 2026 16:19
@BenjaminGoehry BenjaminGoehry mentioned this pull request Jan 21, 2026
Open
@moredure
Copy link
Contributor

moredure commented Jan 21, 2026
edited
Loading

@BenjaminGoehry I am not completely sure have you checked does dragonfly supports multiple certs per single server, if so maybe worth to output more information, probably as sort of list , have no idea how it's better to be represented in this case.

@BenjaminGoehry
Copy link
Author

BenjaminGoehry commented Jan 22, 2026

@moredure I checked whether Dragonfly supports multiple TLS certificates. According to the Listener class, only one certificate is loaded into the SSL_CTX. Additionally, the TLS configuration flags only allow specifying one certificate and key pair.
Based on this, it appears that Dragonfly does not currently support multiple certificates per server.

@BenjaminGoehry
feat: add TLS cert info (CN, dates) to INFO server
c3d350f 
Signed-off-by: Ben G <[email protected]>

refactor: InvokeCmd (dragonflydb#6399)

Signed-off-by: Kostas Kyrimis <[email protected]>

fix: partial sync from same source master with different shard sizes (dragonflydb#6381)

Signed-off-by: Kostas Kyrimis <[email protected]>

feat: add hnsw metadata into index serialization (dragonflydb#6429)

* feat: add hnsw metadata into index serialization

fix: QList::iterator semantics (dragonflydb#6439)

* fix: QList::iterator semantics

Before: you needed to call Next() to initialize it.
Now it is returned initialized so one can just call Valid() to test its validity.

* Add test for erasing last element in multi-entry node when another node follows.
This ensures the iterator correctly advances to the first element of the next node.

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: romange <[email protected]>

---------

Signed-off-by: Roman Gershman <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: romange <[email protected]>

tests: Check if tx is initialized before accessing its state (dragonflydb#6446)

A transaction may be created (non null) but not fully initialized yet.
The watchdog timer in test-utils can find a tx in such a place,
resulting in a crash due to the asserts in the tx member variables,
specifically the inlined vector that holds shard data.

Also adds a lock while accessing connections within test utils, since
another assert was seen recently when accessing that field.

Signed-off-by: Abhijat Malviya <[email protected]>

chore: support listpack with lists (dragonflydb#6424)

The code handles listpack encoding but it's effectively disabled as the code that creates
the data-structure creates only qlist.

The next step would be to create listpack as well as implement promotion to qlist when needed.

Signed-off-by: Roman Gershman <[email protected]>

Use async tx for ioloopv2/set (dragonflydb#6433)

feat(server): add protected mode to bind localhost when no password is set (dragonflydb#6442)

* feat(server): add protected mode to bind localhost when no password is set

Co-authored-by: Copilot <[email protected]>
Signed-off-by: Rafael Peroco <[email protected]>

---------

Signed-off-by: Rafael Peroco <[email protected]>
Co-authored-by: Copilot <[email protected]>
@BenjaminGoehry BenjaminGoehry force-pushed the tls_info branch 3 times, most recently from b0a43ff to cdb57c0 Compare February 1, 2026 13:44
@BenjaminGoehry
Copy link
Author

BenjaminGoehry commented Feb 1, 2026

@moredure Just following up. Does the TLS output look good to you? Happy to make any adjustments needed! 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Include TLS information into INFO command output

2 participants

@BenjaminGoehry @moredure