Add OrchardCore_Redis:DisableCertificateVerification option (#15077) (#…

…15084)
OrchardCMS · Jan 13, 2024 · dd71360 · dd71360
1 parent e33c5ed
commit dd71360
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/src/OrchardCore.Cms.Web/appsettings.json b/src/OrchardCore.Cms.Web/appsettings.json
@@ -79,7 +79,8 @@
     // See https://stackexchange.github.io/StackExchange.Redis/Configuration.html
     //"OrchardCore_Redis": {
     //  "Configuration": "192.168.99.100:6379,allowAdmin=true", // Redis Configuration string.
-    //  "InstancePrefix": "" // Optional prefix allowing a Redis instance to be shared by different applications.
+    //  "InstancePrefix": "", // Optional prefix allowing a Redis instance to be shared by different applications.
+    //  "DisableCertificateVerification": false // Disable SSL/TLS certificate verification.
     //},
     // See https://docs.orchardcore.net/en/latest/docs/reference/modules/Security/#security-settings-configuration to configure security settings.
     //"OrchardCore_Security": {

diff --git a/src/OrchardCore.Modules/OrchardCore.Redis/Startup.cs b/src/OrchardCore.Modules/OrchardCore.Redis/Startup.cs
@@ -1,8 +1,11 @@
 using System;
 using System.Linq;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.DataProtection.KeyManagement;
 using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.Extensions.Caching.StackExchangeRedis;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
@@ -35,9 +38,16 @@ public override void ConfigureServices(IServiceCollection services)
         {
             try
             {
-                var configuration = _configuration["OrchardCore_Redis:Configuration"];
+                var section = _configuration.GetSection("OrchardCore_Redis");
+
+                var configuration = section["Configuration"];
                 var configurationOptions = ConfigurationOptions.Parse(configuration);
-                var instancePrefix = _configuration["OrchardCore_Redis:InstancePrefix"];
+                var instancePrefix = section["InstancePrefix"];
+
+                if (section.GetValue("DisableCertificateVerification", false))
+                {
+                    configurationOptions.CertificateValidation += IgnoreCertificateErrors;
+                }
 
                 services.Configure<RedisOptions>(options =>
                 {
@@ -56,6 +66,11 @@ public override void ConfigureServices(IServiceCollection services)
             services.AddSingleton<IModularTenantEvents>(sp => sp.GetRequiredService<IRedisService>());
             services.AddSingleton<IRedisDatabaseFactory, RedisDatabaseFactory>();
         }
+
+        // Callback for accepting any certificate as long as it exists, while ignoring other SSL policy errors.
+        // This allows the use of self-signed certificates on the Redis server.
+        private static bool IgnoreCertificateErrors(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+            => (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) == 0;
     }
 
     [Feature("OrchardCore.Redis.Cache")]