SSL connection examples

Connecting to a Redis instance via SSL.

[5]:
import redis

# ssl_cert_reqs="none" turns off server certificate verification
ssl_connection = redis.Redis(host='localhost', port=6666, ssl=True, ssl_cert_reqs="none")
ssl_connection.ping()
[5]:
True

Connecting to a Redis instance via a URL string

[ ]:
import redis
# rediss:// selects a TLS connection; the ssl_* query options only apply to it
url_connection = redis.from_url("rediss://localhost:6379?ssl_cert_reqs=none&decode_responses=True&health_check_interval=2")
url_connection.ping()
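
Because the scheme and the query string together decide whether a URL-configured connection uses TLS and verifies the server, connection strings are worth checking before they reach `redis.from_url`. The following is an added example, not part of the redis-py documentation: `audit_redis_url`, its finding texts and the sample URLs are constructed for illustration, and the list of spellings treated as false is an assumption of this example.

```python
from urllib.parse import urlparse, parse_qs

# Option names are redis-py connection options; finding texts are this example's own.
TLS_OPTIONS = ("ssl_cert_reqs", "ssl_ca_certs", "ssl_certfile",
               "ssl_keyfile", "ssl_check_hostname")
# Spellings treated as "false" for boolean options (assumption of this example).
FALSE_STRINGS = ("0", "F", "FALSE", "N", "NO")


def audit_redis_url(url):
    """Return a list of TLS findings for a redis-py style connection URL."""
    parsed = urlparse(url)
    # parse_qs keeps every value of a repeated option; a weak value is
    # flagged wherever it appears.
    query = parse_qs(parsed.query)

    if parsed.scheme == "unix":
        return []  # local socket, TLS is not involved
    if parsed.scheme == "redis":
        findings = ["plaintext: redis:// does not use TLS"]
        stray = [k for k in TLS_OPTIONS if k in query]
        if stray:
            findings.append("TLS options on non-TLS scheme: " + ", ".join(stray))
        return findings
    if parsed.scheme != "rediss":
        return ["unsupported scheme: " + repr(parsed.scheme)]

    findings = []
    # With no ssl_cert_reqs given, redis-py requires a valid certificate.
    for value in query.get("ssl_cert_reqs", ["required"]):
        if value == "none":
            findings.append("server certificate is not verified: ssl_cert_reqs=none")
        elif value not in ("optional", "required"):
            findings.append("unrecognised ssl_cert_reqs value: " + repr(value))
    if any(v.upper() in FALSE_STRINGS for v in query.get("ssl_check_hostname", [])):
        findings.append("hostname check disabled: ssl_check_hostname")
    return findings


if __name__ == "__main__":
    # Constructed sample URLs
    for sample in (
        "redis://localhost:6379?ssl_cert_reqs=none&decode_responses=True",
        "rediss://localhost:6666?ssl_cert_reqs=none",
        "rediss://localhost:6666?ssl_cert_reqs=required&ssl_ca_certs=ca.pem",
    ):
        print(sample, "->", audit_redis_url(sample) or "ok")
```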

Connecting to a Redis instance using a ConnectionPool

[ ]:
import redis
redis_pool = redis.ConnectionPool(host="localhost", port=6666, connection_class=redis.SSLConnection)
ssl_connection = redis.StrictRedis(connection_pool=redis_pool)
ssl_connection.ping()

Connecting to a Redis instance via SSL, while specifying a self-signed SSL certificate.

[6]:
import redis

ssl_certfile="some-certificate.pem"
ssl_keyfile="some-key.pem"
ssl_ca_certs=ssl_certfile

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_ca_certs=ssl_ca_certs,
)
ssl_cert_conn.ping()
[6]:
True

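Connecting to a Redis instance via SSL, and validating the OCSP status of the certificate

The redis package is designed to be small, meaning extra libraries must be installed in order to support OCSP stapling. As a result, first install redis via:

pip install redis[ocsp]

This will install cryptography, requests, and PyOpenSSL, none of which are generally required to use Redis.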

[ ]:
import redis

ssl_certfile="some-certificate.pem"
ssl_keyfile="some-key.pem"
ssl_ca_certs=ssl_certfile

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_validate_ocsp=True
)
ssl_cert_conn.ping()
True

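Connect via SSL, validate OCSP-stapled certificates

The redis package is designed to be small, meaning extra libraries must be installed in order to support OCSP stapling. As a result, first install redis via:

pip install redis[ocsp]

This will install cryptography, requests, and PyOpenSSL, none of which are generally required to use Redis.

Using a custom SSL context and validating against an expected certificate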

[ ]:
import redis
import OpenSSL

ssl_certfile="some-certificate.pem"
ssl_keyfile="some-key.pem"
ssl_ca_certs=ssl_certfile
ssl_expected_certificate = "expected-ocsp-certificate.pem"

# PyOpenSSL is used only for the purpose of validating the OCSP
# stapled response
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
# These are methods: call them so the certificate and key are actually loaded
ctx.use_certificate_file(ssl_certfile)
ctx.use_privatekey_file(ssl_keyfile)
with open(ssl_expected_certificate, 'rb') as f:
    expected_certificate = f.read()

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    # the custom context and expected certificate are only used when
    # stapled-response validation is switched on
    ssl_validate_ocsp_stapled=True,
    ssl_ocsp_context=ctx,
    ssl_ocsp_expected_cert=expected_certificate,
)
ssl_cert_conn.ping()
True

Naive validation of a stapled OCSP certificate

[ ]:
import redis
import OpenSSL

ssl_certfile="some-certificate.pem"
ssl_keyfile="some-key.pem"
ssl_ca_certs=ssl_certfile
ssl_expected_certificate = "expected-ocsp-certificate.pem"

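# PyOpenSSL is used only for the purpose of validating the OCSP
# stapled response
# Note: this context is not passed to redis.Redis below
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
# These are methods: call them so the certificate and key are actually loaded
ctx.use_certificate_file(ssl_certfile)
ctx.use_privatekey_file(ssl_keyfile)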

ssl_cert_conn = redis.Redis(
    host="localhost",
    port=6666,
    ssl=True,
    ssl_certfile=ssl_certfile,
    ssl_keyfile=ssl_keyfile,
    ssl_cert_reqs="required",
    ssl_validate_ocsp_stapled=True,
)
ssl_cert_conn.ping()