Add redis SSL configuration options (#15312)

* Add SSL options to redis config * fix lint issues * Add documentation and changelog file * add missing . at the end of the changelog * Move client context factory to new file * Rename ssl to tls and fix typo * fix lint issues * Added when redis attributes were added
author: Roel ter Maat <roel.termaat@nedap.com> 2023-05-11 14:02:51 +0200
committer: GitHub <noreply@github.com> 2023-05-11 13:02:51 +0100
commit: 2611433b70fc30c436f6b9b950a3bcc533b3df5b (patch)
tree: ae8d8e09b921582db255e303422f036ea615d4a9 /synapse/replication/tcp/handler.py
parent: Require at least poetry-core v1.2.0 (#15566) (diff)
download: synapse-2611433b70fc30c436f6b9b950a3bcc533b3df5b.tar.xz
1 files changed, 22 insertions, 7 deletions
diff --git a/synapse/replication/tcp/handler.py b/synapse/replication/tcp/handler.py
index 2290b3e6fe..233ad61d49 100644
--- a/synapse/replication/tcp/handler.py
+++ b/synapse/replication/tcp/handler.py
@@ -46,6 +46,7 @@ from synapse.replication.tcp.commands import (
     UserIpCommand,
     UserSyncCommand,
 )
+from synapse.replication.tcp.context import ClientContextFactory
 from synapse.replication.tcp.protocol import IReplicationConnection
 from synapse.replication.tcp.streams import (
     STREAMS_MAP,
@@ -348,13 +349,27 @@ class ReplicationCommandHandler:
             outbound_redis_connection,
             channel_names=self._channels_to_subscribe_to,
         )
-        hs.get_reactor().connectTCP(
-            hs.config.redis.redis_host,
-            hs.config.redis.redis_port,
-            self._factory,
-            timeout=30,
-            bindAddress=None,
-        )
+
+        reactor = hs.get_reactor()
+        redis_config = hs.config.redis
+        if hs.config.redis.redis_use_tls:
+            ssl_context_factory = ClientContextFactory(hs.config.redis)
+            reactor.connectSSL(
+                redis_config.redis_host,
+                redis_config.redis_port,
+                self._factory,
+                ssl_context_factory,
+                timeout=30,
+                bindAddress=None,
+            )
+        else:
+            reactor.connectTCP(
+                redis_config.redis_host,
+                redis_config.redis_port,
+                self._factory,
+                timeout=30,
+                bindAddress=None,
+            )
 
     def get_streams(self) -> Dict[str, Stream]:
         """Get a map from stream name to all streams."""
author	Roel ter Maat <roel.termaat@nedap.com>	2023-05-11 14:02:51 +0200
committer	GitHub <noreply@github.com>	2023-05-11 13:02:51 +0100
commit	2611433b70fc30c436f6b9b950a3bcc533b3df5b (patch)
tree	ae8d8e09b921582db255e303422f036ea615d4a9 /synapse/replication/tcp/handler.py
parent	Require at least poetry-core v1.2.0 (#15566) (diff)
download	synapse-2611433b70fc30c436f6b9b950a3bcc533b3df5b.tar.xz