diff --git a/redis/asyncio/client.py b/redis/asyncio/client.py index a35a5f1f8c..3f35fdd59e 100644 --- a/redis/asyncio/client.py +++ b/redis/asyncio/client.py @@ -81,9 +81,10 @@ ) if TYPE_CHECKING and SSL_AVAILABLE: - from ssl import TLSVersion + from ssl import TLSVersion, VerifyMode else: TLSVersion = None + VerifyMode = None PubSubHandler = Callable[[Dict[str, str]], Awaitable[None]] _KeyT = TypeVar("_KeyT", bound=KeyT) @@ -228,7 +229,7 @@ def __init__( ssl: bool = False, ssl_keyfile: Optional[str] = None, ssl_certfile: Optional[str] = None, - ssl_cert_reqs: str = "required", + ssl_cert_reqs: Union[str, VerifyMode] = "required", ssl_ca_certs: Optional[str] = None, ssl_ca_data: Optional[str] = None, ssl_check_hostname: bool = False, diff --git a/redis/asyncio/cluster.py b/redis/asyncio/cluster.py index 11f86cceb4..28fcd3aa23 100644 --- a/redis/asyncio/cluster.py +++ b/redis/asyncio/cluster.py @@ -75,9 +75,10 @@ ) if SSL_AVAILABLE: - from ssl import TLSVersion + from ssl import TLSVersion, VerifyMode else: TLSVersion = None + VerifyMode = None TargetNodesT = TypeVar( "TargetNodesT", str, "ClusterNode", List["ClusterNode"], Dict[Any, "ClusterNode"] @@ -268,7 +269,7 @@ def __init__( ssl: bool = False, ssl_ca_certs: Optional[str] = None, ssl_ca_data: Optional[str] = None, - ssl_cert_reqs: str = "required", + ssl_cert_reqs: Union[str, VerifyMode] = "required", ssl_certfile: Optional[str] = None, ssl_check_hostname: bool = False, ssl_keyfile: Optional[str] = None, diff --git a/redis/asyncio/connection.py b/redis/asyncio/connection.py index 66dbd09b61..ddf58cb1c6 100644 --- a/redis/asyncio/connection.py +++ b/redis/asyncio/connection.py @@ -768,7 +768,7 @@ def __init__( self, ssl_keyfile: Optional[str] = None, ssl_certfile: Optional[str] = None, - ssl_cert_reqs: str = "required", + ssl_cert_reqs: Union[str, ssl.VerifyMode] = "required", ssl_ca_certs: Optional[str] = None, ssl_ca_data: Optional[str] = None, ssl_check_hostname: bool = False, @@ -842,7 +842,7 @@ def __init__( self, keyfile: Optional[str] = None, certfile: Optional[str] = None, - cert_reqs: Optional[str] = None, + cert_reqs: Optional[Union[str, ssl.VerifyMode]] = None, ca_certs: Optional[str] = None, ca_data: Optional[str] = None, check_hostname: bool = False, @@ -855,7 +855,7 @@ def __init__( self.keyfile = keyfile self.certfile = certfile if cert_reqs is None: - self.cert_reqs = ssl.CERT_NONE + cert_reqs = ssl.CERT_NONE elif isinstance(cert_reqs, str): CERT_REQS = { # noqa: N806 "none": ssl.CERT_NONE, @@ -866,7 +866,8 @@ def __init__( raise RedisError( f"Invalid SSL Certificate Requirements Flag: {cert_reqs}" ) - self.cert_reqs = CERT_REQS[cert_reqs] + cert_reqs = CERT_REQS[cert_reqs] + self.cert_reqs = cert_reqs self.ca_certs = ca_certs self.ca_data = ca_data self.check_hostname = check_hostname diff --git a/redis/client.py b/redis/client.py index 9fb89ec5cd..e9435d33ef 100755 --- a/redis/client.py +++ b/redis/client.py @@ -211,7 +211,7 @@ def __init__( ssl: bool = False, ssl_keyfile: Optional[str] = None, ssl_certfile: Optional[str] = None, - ssl_cert_reqs: str = "required", + ssl_cert_reqs: Union[str, "ssl.VerifyMode"] = "required", ssl_ca_certs: Optional[str] = None, ssl_ca_path: Optional[str] = None, ssl_ca_data: Optional[str] = None, diff --git a/redis/connection.py b/redis/connection.py index f754a5165a..87aa986d17 100644 --- a/redis/connection.py +++ b/redis/connection.py @@ -1017,7 +1017,7 @@ def __init__( Args: ssl_keyfile: Path to an ssl private key. Defaults to None. ssl_certfile: Path to an ssl certificate. Defaults to None. - ssl_cert_reqs: The string value for the SSLContext.verify_mode (none, optional, required). Defaults to "required". + ssl_cert_reqs: The string value for the SSLContext.verify_mode (none, optional, required), or an ssl.VerifyMode. Defaults to "required". ssl_ca_certs: The path to a file of concatenated CA certificates in PEM format. Defaults to None. ssl_ca_data: Either an ASCII string of one or more PEM-encoded certificates or a bytes-like object of DER-encoded certificates. ssl_check_hostname: If set, match the hostname during the SSL handshake. Defaults to False.