chore: use tls.ConnectionOptions instead of tls.SecureContextOptions for TLS options (#1312)

bwalendz · web-flow · commit afd0c8766c25 · 2021-03-29T17:00:44.000+08:00
Allows sentinel connections to use all available TLS options

ConnectionOptions is used by tls.connect()

ConnectionOptions extends SecureContextOptions, CommonConnectionOptions
diff --git a/lib/connectors/SentinelConnector/index.ts b/lib/connectors/SentinelConnector/index.ts
@@ -6,7 +6,7 @@ import {
   sample,
   Debug,
 } from "../../utils";
-import { connect as createTLSConnection, SecureContextOptions } from "tls";
+import { connect as createTLSConnection, ConnectionOptions } from "tls";
 import {
   ITcpConnectionOptions,
   isIIpcConnectionOptions,
@@ -42,7 +42,7 @@ export interface ISentinelConnectionOptions extends ITcpConnectionOptions {
   preferredSlaves?: PreferredSlaves;
   connectTimeout?: number;
   enableTLSForSentinelMode?: boolean;
-  sentinelTLS?: SecureContextOptions;
+  sentinelTLS?: ConnectionOptions;
   natMap?: INatMap;
   updateSentinels?: boolean;
 }
diff --git a/lib/connectors/StandaloneConnector.ts b/lib/connectors/StandaloneConnector.ts
@@ -1,5 +1,5 @@
 import { createConnection, TcpNetConnectOpts, IpcNetConnectOpts } from "net";
-import { connect as createTLSConnection, SecureContextOptions } from "tls";
+import { connect as createTLSConnection, ConnectionOptions } from "tls";
 import { CONNECTION_CLOSED_ERROR_MSG } from "../utils";
 import AbstractConnector, { ErrorEmitter } from "./AbstractConnector";
 import { NetStream } from "../types";
@@ -11,11 +11,11 @@ export function isIIpcConnectionOptions(
 }
 
 export interface ITcpConnectionOptions extends TcpNetConnectOpts {
-  tls?: SecureContextOptions;
+  tls?: ConnectionOptions;
 }
 
 export interface IIpcConnectionOptions extends IpcNetConnectOpts {
-  tls?: SecureContextOptions;
+  tls?: ConnectionOptions;
 }
 
 export default class StandaloneConnector extends AbstractConnector {
diff --git a/test/functional/tls.ts b/test/functional/tls.ts
@@ -15,6 +15,10 @@ describe("tls option", () => {
         // @ts-ignore
         expect(op.ca).to.eql("123");
         // @ts-ignore
+        expect(op.servername).to.eql("localhost");
+        // @ts-ignore
+        expect(op.rejectUnauthorized).to.eql(false);
+        // @ts-ignore
         expect(op.port).to.eql(6379);
         const stream = net.createConnection(op);
         stream.on("connect", (data) => {
@@ -23,7 +27,9 @@ describe("tls option", () => {
         return stream;
       });
 
-      redis = new Redis({ tls: { ca: "123" } });
+      redis = new Redis({
+        tls: { ca: "123", servername: "localhost", rejectUnauthorized: false },
+      });
       redis.on("ready", () => {
         redis.disconnect();
         stub.restore();
@@ -68,6 +74,10 @@ describe("tls option", () => {
       const stub = sinon.stub(tls, "connect").callsFake((op) => {
         // @ts-ignore
         expect(op.ca).to.eql("123");
+        // @ts-ignore
+        expect(op.servername).to.eql("localhost");
+        // @ts-ignore
+        expect(op.rejectUnauthorized).to.eql(false);
         redis.disconnect();
         stub.restore();
         process.nextTick(done);
@@ -77,7 +87,7 @@ describe("tls option", () => {
       redis = new Redis({
         sentinels: [{ port: 27379 }],
         name: "my",
-        tls: { ca: "123" },
+        tls: { ca: "123", servername: "localhost", rejectUnauthorized: false },
         enableTLSForSentinelMode: true,
       });
     });
@@ -96,6 +106,10 @@ describe("tls option", () => {
         // @ts-ignore
         expect(op.ca).to.eql("123");
         // @ts-ignore
+        expect(op.servername).to.eql("localhost");
+        // @ts-ignore
+        expect(op.rejectUnauthorized).to.eql(false);
+        // @ts-ignore
         expect(op.port).to.eql(27379);
         const stream = net.createConnection(op);
         stream.on("connect", (data) => {
@@ -107,7 +121,11 @@ describe("tls option", () => {
       redis = new Redis({
         sentinels: [{ port: 27379 }],
         name: "my",
-        sentinelTLS: { ca: "123" },
+        sentinelTLS: {
+          ca: "123",
+          servername: "localhost",
+          rejectUnauthorized: false,
+        },
       });
       redis.on("ready", () => {
         redis.disconnect();
diff --git a/test/unit/connectors/connector.ts b/test/unit/connectors/connector.ts
@@ -32,11 +32,16 @@ describe("StandaloneConnector", () => {
       const spy = sinon.spy(tls, "connect");
       const connector = new StandaloneConnector({
         port: 6379,
-        tls: { ca: "on" },
+        tls: { ca: "on", servername: "localhost", rejectUnauthorized: false },
       });
       await connector.connect(() => {});
       expect(spy.calledOnce).to.eql(true);
-      expect(spy.firstCall.args[0]).to.eql({ port: 6379, ca: "on" });
+      expect(spy.firstCall.args[0]).to.eql({
+        port: 6379,
+        ca: "on",
+        servername: "localhost",
+        rejectUnauthorized: false,
+      });
       connector.disconnect();
     });
   });

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`import { createConnection, TcpNetConnectOpts, IpcNetConnectOpts } from "net";`
`2`		`-import { connect as createTLSConnection, SecureContextOptions } from "tls";`
	`2`	`+import { connect as createTLSConnection, ConnectionOptions } from "tls";`
`3`	`3`	`import { CONNECTION_CLOSED_ERROR_MSG } from "../utils";`
`4`	`4`	`import AbstractConnector, { ErrorEmitter } from "./AbstractConnector";`
`5`	`5`	`import { NetStream } from "../types";`
`@@ -11,11 +11,11 @@ export function isIIpcConnectionOptions(`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`export interface ITcpConnectionOptions extends TcpNetConnectOpts {`
`14`		`- tls?: SecureContextOptions;`
	`14`	`+ tls?: ConnectionOptions;`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`export interface IIpcConnectionOptions extends IpcNetConnectOpts {`
`18`		`- tls?: SecureContextOptions;`
	`18`	`+ tls?: ConnectionOptions;`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`export default class StandaloneConnector extends AbstractConnector {`