Skip to content

Commit 3dc46e3

Browse files
mortensimortensi
committed
Fix SSL certificate verification issues in Redis connection
- Import ssl module for proper SSL constants - Add helper function to convert string ssl_cert_reqs to SSL constants - Filter out None SSL parameters to avoid passing them to redis-py - Fix SSL certificate verification by using proper SSL constants instead of strings This resolves the 'certificate verify failed' error when using SSL connections with Redis Cloud and other SSL-enabled Redis instances.
1 parent 2c38c5b commit 3dc46e3

File tree

1 file changed

+39
-11
lines changed

1 file changed

+39
-11
lines changed

src/common/connection.py

Lines changed: 39 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
import sys
2+
import ssl
23
from src.version import __version__
34
import redis
45
from redis import Redis
@@ -7,6 +8,19 @@
78
from src.common.config import REDIS_CFG
89

910

11+
def _get_ssl_cert_reqs(cert_reqs_str: str):
12+
"""Convert string SSL certificate requirements to SSL constants."""
13+
if cert_reqs_str == 'required':
14+
return ssl.CERT_REQUIRED
15+
elif cert_reqs_str == 'optional':
16+
return ssl.CERT_OPTIONAL
17+
elif cert_reqs_str == 'none':
18+
return ssl.CERT_NONE
19+
else:
20+
# Default to required for safety
21+
return ssl.CERT_REQUIRED
22+
23+
1024
class RedisConnectionManager:
1125
_instance: Optional[Redis] = None
1226

@@ -22,15 +36,22 @@ def get_connection(cls, decode_responses=True) -> Redis:
2236
"username": REDIS_CFG["username"],
2337
"password": REDIS_CFG["password"],
2438
"ssl": REDIS_CFG["ssl"],
25-
"ssl_ca_path": REDIS_CFG["ssl_ca_path"],
26-
"ssl_keyfile": REDIS_CFG["ssl_keyfile"],
27-
"ssl_certfile": REDIS_CFG["ssl_certfile"],
28-
"ssl_cert_reqs": REDIS_CFG["ssl_cert_reqs"],
29-
"ssl_ca_certs": REDIS_CFG["ssl_ca_certs"],
3039
"decode_responses": decode_responses,
3140
"lib_name": f"redis-py(mcp-server_v{__version__})",
32-
"max_connections_per_node": 10
41+
"max_connections_per_node": 10
3342
}
43+
44+
# Add SSL parameters only if they are not None
45+
if REDIS_CFG["ssl_ca_path"]:
46+
connection_params["ssl_ca_path"] = REDIS_CFG["ssl_ca_path"]
47+
if REDIS_CFG["ssl_keyfile"]:
48+
connection_params["ssl_keyfile"] = REDIS_CFG["ssl_keyfile"]
49+
if REDIS_CFG["ssl_certfile"]:
50+
connection_params["ssl_certfile"] = REDIS_CFG["ssl_certfile"]
51+
if REDIS_CFG["ssl_ca_certs"]:
52+
connection_params["ssl_ca_certs"] = REDIS_CFG["ssl_ca_certs"]
53+
if REDIS_CFG["ssl_cert_reqs"]:
54+
connection_params["ssl_cert_reqs"] = _get_ssl_cert_reqs(REDIS_CFG["ssl_cert_reqs"])
3455
else:
3556
redis_class: Type[Union[Redis, RedisCluster]] = redis.Redis
3657
connection_params = {
@@ -40,15 +61,22 @@ def get_connection(cls, decode_responses=True) -> Redis:
4061
"username": REDIS_CFG["username"],
4162
"password": REDIS_CFG["password"],
4263
"ssl": REDIS_CFG["ssl"],
43-
"ssl_ca_path": REDIS_CFG["ssl_ca_path"],
44-
"ssl_keyfile": REDIS_CFG["ssl_keyfile"],
45-
"ssl_certfile": REDIS_CFG["ssl_certfile"],
46-
"ssl_cert_reqs": REDIS_CFG["ssl_cert_reqs"],
47-
"ssl_ca_certs": REDIS_CFG["ssl_ca_certs"],
4864
"decode_responses": decode_responses,
4965
"lib_name": f"redis-py(mcp-server_v{__version__})",
5066
"max_connections": 10
5167
}
68+
69+
# Add SSL parameters only if they are not None
70+
if REDIS_CFG["ssl_ca_path"]:
71+
connection_params["ssl_ca_path"] = REDIS_CFG["ssl_ca_path"]
72+
if REDIS_CFG["ssl_keyfile"]:
73+
connection_params["ssl_keyfile"] = REDIS_CFG["ssl_keyfile"]
74+
if REDIS_CFG["ssl_certfile"]:
75+
connection_params["ssl_certfile"] = REDIS_CFG["ssl_certfile"]
76+
if REDIS_CFG["ssl_ca_certs"]:
77+
connection_params["ssl_ca_certs"] = REDIS_CFG["ssl_ca_certs"]
78+
if REDIS_CFG["ssl_cert_reqs"]:
79+
connection_params["ssl_cert_reqs"] = _get_ssl_cert_reqs(REDIS_CFG["ssl_cert_reqs"])
5280

5381
cls._instance = redis_class(**connection_params)
5482

0 commit comments

Comments
 (0)