From d50291e2907b59e2cebe5e7b85d9ab29da475ca5 Mon Sep 17 00:00:00 2001 From: Kevin Fwu Date: Wed, 27 May 2020 08:53:29 -0400 Subject: [PATCH 1/2] Fix TLS certificate loading for chained certificates. This impacts client verification for chained certificates (such as Lets Encrypt certificates). Client Verify requires the full chain in order to properly verify the certificate. --- src/tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tls.c b/src/tls.c index 28a74df9a..a62f2284e 100644 --- a/src/tls.c +++ b/src/tls.c @@ -217,7 +217,7 @@ int tlsConfigure(redisTLSContextConfig *ctx_config) { SSL_CTX_set_ecdh_auto(ctx, 1); #endif - if (SSL_CTX_use_certificate_file(ctx, ctx_config->cert_file, SSL_FILETYPE_PEM) <= 0) { + if (SSL_CTX_use_certificate_chain_file(ctx, ctx_config->cert_file) <= 0) { ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf)); serverLog(LL_WARNING, "Failed to load certificate: %s: %s", ctx_config->cert_file, errbuf); goto error; From 8422c4f9d6e163a77e01a6d1ad9cc415b85dbbaa Mon Sep 17 00:00:00 2001 From: Oran Agra Date: Sun, 31 May 2020 15:51:52 +0300 Subject: [PATCH 2/2] fix pingoff test race --- tests/integration/psync2-pingoff.tcl | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/integration/psync2-pingoff.tcl b/tests/integration/psync2-pingoff.tcl index 5a9a46d16..cdecfc5c6 100644 --- a/tests/integration/psync2-pingoff.tcl +++ b/tests/integration/psync2-pingoff.tcl @@ -64,6 +64,7 @@ start_server {} { # make sure replication is still alive and kicking $R(1) incr x wait_for_condition 50 1000 { + [status $R(0) loading] == 0 && [$R(0) get x] == 1 } else { fail "replica didn't get incr"