We're trying to connect to a Heroku Redis instance from PHP (using phpredis, not predis). This works fine on Redis v4, but we're trying to upgrade to Redis v6, which requires TLS. We're doing this to manage sessions, so we're using ini_set to set the Redis URL.
$parsed = parse_url(getenv('REDIS_URL'));
$protocol = ($parsed['scheme'] === 'rediss' ? 'tls' : 'tcp');
$redisUrl = "{$protocol}://{$parsed['host']}:{$parsed['port']}?auth={$parsed['pass']}";
ini_set("session.save_path", $redisUrl);
ini_set("session.save_handler", "redis");
We get this error message though:
session_start(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
I've tried changing the Redis url line to:
$redisUrl = "{$protocol}://{$parsed['host']}:{$parsed['port']}?auth={$parsed['pass']}&stream[verify_peer]=0&stream[verify_peer_name]=0&ssl[verify_peer]=0&ssl[verify_peer_name]=0&verify_peer=0&verify_peer_name=0";
to not verify the SSL peer, but it still throws the error.
Using PHP 7.4, phpredis 5.3.4.
Anyone know how to disable the verify_peer on phpredis?
CodePudding user response:
If the certificate is self-signed, add ssl[allow_self_signed]=1
$redisUrl = "{$protocol}://{$parsed['host']}:{$parsed['port']}?auth={$parsed['pass']}&ssl[verify_peer_name]=0&ssl[verify_peer]=0";
$redisUrl .= "&ssl[allow_self_signed]=1";
UPD:
1. Download https://curl.haxx.se/ca/cacert.pem
$redisUrl = "{$protocol}://{$parsed['host']}:{$parsed['port']}?auth={$parsed['pass']}&ssl[cafile]=<path_from_1>";
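The CA-bundle approach from the answer above, written out as an added example (not code from the original thread) that keeps certificate verification on and URL-encodes the password so characters such as `&`, `=` or `+` do not corrupt the query string. The helper name `buildRedisSavePath`, the sample URL and the bundle path are hypothetical; the `ssl[...]` option names are taken from the answer, and whether your phpredis version reads them is an assumption to check against its documentation.

```php
<?php
// Added example: build a phpredis session save_path from REDIS_URL with
// peer verification enabled and a CA bundle configured.

function buildRedisSavePath(string $redisUrl, string $caFile): string
{
    $parsed = parse_url($redisUrl);
    if ($parsed === false || !isset($parsed['scheme'], $parsed['host'])) {
        throw new InvalidArgumentException('REDIS_URL is not a valid URL');
    }

    $tls      = ($parsed['scheme'] === 'rediss');
    $protocol = $tls ? 'tls' : 'tcp';
    $port     = $parsed['port'] ?? 6379;

    $query = [];
    if (isset($parsed['pass'])) {
        // parse_url() does not percent-decode, so decode once before re-encoding.
        $query['auth'] = rawurldecode($parsed['pass']);
    }
    if ($tls) {
        // Option names as used in the answer above (assumption, see lead-in).
        $query['ssl'] = [
            'cafile'           => $caFile,
            'verify_peer'      => 1,
            'verify_peer_name' => 1,
        ];
    }

    // RFC 3986 encoding keeps '&', '=', '+' and '#' in the password intact.
    $qs = http_build_query($query, '', '&', PHP_QUERY_RFC3986);
    return "{$protocol}://{$parsed['host']}:{$port}" . ($qs !== '' ? "?{$qs}" : '');
}

// Constructed sample values, not real credentials or paths.
$sample   = 'rediss://:p%40ss%26word@redis.example.com:6380';
$savePath = buildRedisSavePath($sample, '/app/certs/cacert.pem');
echo $savePath, PHP_EOL;

// Only touch the session settings when the redis extension is present.
if (extension_loaded('redis')) {
    ini_set('session.save_handler', 'redis');
    ini_set('session.save_path', $savePath);
}
```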
CodePudding user response:
Are you sure that the protocol is tls?
The client used is unnecessary in this context because PHP handles the connection to Redis. It's always through the PHP redis extension.
Could you check if PHP is compiled with redis session support? There should be an option
Registered save handlers
files user memcached redis rediscluster
BR
Sebastian