Symfony version(s) affected

5.4

Description

Hi all,

I'm trying to use Heroku's Redis v6 TLS for caching with predis/predis v1.1. Heroku self signs certificates and instructs to skip peer verification by adding ?ssl[verify_peer_name]=0&ssl[verify_peer]=0 to redis dsn string when using Predis.

The connection fails due to failed certificate verification.

How to reproduce

The project is configured to use free Heroku Redis v6 TLS with predis/predis v1.1 and symfony/cache 5.4.

Clone repo: https://github.com/pavleocom/bug-symfony-cache-predis

cd into root directory

composer install

Run in console: php -S localhost:8081 -t public/

Go to http://localhost:8081/test-cache in your browser, refresh a few times

Return to console to find errors similar to these:

[Thu May 26 19:21:54 2022] [warning] Failed to fetch key "test": Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

[Thu May 26 19:21:54 2022] [info] Lock acquired, now computing item "test"

[Thu May 26 19:21:54 2022] [warning] Failed to save key "test" of type array: Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:

Possible Solution

It seems ssl configurations need to be passed as part of the first parameter of Predis/Client:

// Named array of connection parameters:
$client = new Predis\Client([
  'scheme' => 'tls',
  'ssl'    => ['cafile' => 'private.pem', 'verify_peer' => true],
]);

// Same set of parameters, but using an URI string:
$client = new Predis\Client('tls://127.0.0.1?ssl[cafile]=private.pem&ssl[verify_peer]=1');

Source: https://github.com/predis/predis (Connecting to Redis)

But ssl configurations are being passed as part of the second parameter of Predis/Client only:

https://github.com/symfony/cache/blob/5.4/Traits/RedisTrait.php#L326

Additional Context

No response