ssl_cert_reqs seems to not work #674
Description
I have:
RQ_QUEUES = {
"default": {
"DEFAULT_TIMEOUT": datetime.timedelta(hours=1).seconds,
"URL": REDIS_URL,
}
}
if REDIS_URL.startswith("rediss://"): # pragma: no cover
RQ_QUEUES["default"]["REDIS_CLIENT_KWARGS"] = {"ssl_cert_reqs": None}I have checked:
>>> settings.RQ_QUEUES
{'default': {'DEFAULT_TIMEOUT': 3600, 'URL': 'rediss://:secret@esecret:11640', 'REDIS_CLIENT_KWARGS': {'ssl_cert_reqs': None}}}But when I try to queue an email I get a traceback:
Traceback (most recent call last):
File "/app/.heroku/python/lib/python3.12/site-packages/redis/connection.py", line 277, in connect
sock = self.retry.call_with_retry(
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/redis/retry.py", line 62, in call_with_retry
return do()
^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/redis/connection.py", line 278, in <lambda>
lambda: self._connect(), lambda error: self.disconnect(error)
^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/redis/connection.py", line 748, in _connect
sslsock = context.wrap_socket(sock, server_hostname=self.host)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/ssl.py", line 455, in wrap_socket
return self.sslsocket_class._create(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/ssl.py", line 1042, in _create
self.do_handshake()
File "/app/.heroku/python/lib/python3.12/ssl.py", line 1320, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<console>", line 1, in <module>
File "/app/.heroku/python/lib/python3.12/site-packages/django/core/mail/__init__.py", line 88, in send_mail
return mail.send()
^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/django/core/mail/message.py", line 301, in send
return self.get_connection(fail_silently).send_messages([self])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/django_rq_email_backend/backends.py", line 13, in send_messages
return [send_email.delay(message, **kwargs) for message in email_messages]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/rq/decorators.py", line 104, in delay
return queue.enqueue_call(
^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/django_rq/queues.py", line 68, in enqueue_call
return self.original_enqueue_call(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/django_rq/queues.py", line 64, in original_enqueue_call
return super(DjangoRQ, self).enqueue_call(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/rq/queue.py", line 719, in enqueue_call
return self.enqueue_job(job, pipeline=pipeline, at_front=at_front)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/rq/queue.py", line 1094, in enqueue_job
return self._enqueue_job(job, pipeline=pipeline, at_front=at_front)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/rq/queue.py", line 1114, in _enqueue_job
job.redis_server_version = self.get_redis_server_version()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/rq/queue.py", line 208, in get_redis_server_version
self.redis_server_version = get_version(self.connection)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/rq/utils.py", line 293, in get_version
tuple(int(i) for i in str(connection.info("server")["redis_version"]).split('.')[:3]),
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/redis/commands/core.py", line 996, in info
return self.execute_command("INFO", section, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/redis/client.py", line 545, in execute_command
conn = self.connection or pool.get_connection(command_name, **options)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.heroku/python/lib/python3.12/site-packages/redis/connection.py", line 1074, in get_connection
connection.connect()
File "/app/.heroku/python/lib/python3.12/site-packages/redis/connection.py", line 283, in connect
raise ConnectionError(self._error_message(e))
redis.exceptions.ConnectionError: Error 1 connecting to secret:11640. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000).I have my Django cache set up in the same way:
CACHES: dict[str, typing.Any] = {
"default": {
"BACKEND": "django.core.cache.backends.redis.RedisCache",
"LOCATION": REDIS_URL,
}
}
if REDIS_URL.startswith("rediss://"): # pragma: no cover
CACHES["default"]["OPTIONS"] = {"ssl_cert_reqs": None}And I confirmed this is working properly:
>>> cache.set("a", True)
>>> cache.get("a")
True