Skip to content

Add support for insecure TLS connections #164

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
currantw merged 13 commits into from
Dec 17, 2025
Merged

Add support for insecure TLS connections #164

currantw merged 13 commits into from
Dec 17, 2025

Conversation

@currantw
Copy link
Collaborator

@currantw currantw commented Dec 16, 2025
edited
Loading

Summary

Fixes #163: Adds support for insecure TLS mode.

Changes

  • Added ConnectionConfiguration.UseInsecureTls property: Boolean property with validation.
  • Added ConnectionConfiguration.WithInsecureTls() method: builder for enabling/disabling insecure mode.
  • Updated ConnectionConfiguration.UseTls property: Now handles both SecureTls and InsecureTls.
  • Added new unit and integration tests. See the Testing for details.
var config = new StandaloneClientConfigurationBuilder();

// Enable insecure TLS using fluent methods:
config.WithTls().WithInsecureTls();

// Enable insecure TLS using properties:
builder.UseTls = true;
builder.UseInsecureTls = true;

Testing

  • Add 5 new unit tests that cover default behaviour, enable/disable, validation, and property interactions.
  • Added 2 new integration tests to verify insecure TLS for cluster and standalone.

✅ All tests pass on .NET 8.0.

See Also

⚪ None

@currantw currantw requested a review from a team as a code owner December 16, 2025 00:59
@currantw currantw requested a review from Copilot December 16, 2025 00:59
currantw
currantw commented Dec 16, 2025
View reviewed changes
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for insecure TLS connections by introducing a new UseInsecureTls configuration option that allows bypassing certificate verification when connecting to Valkey servers via TLS. This is intended for development and testing environments where self-signed certificates are used.

Key changes:

  • Added UseInsecureTls property and WithInsecureTls() fluent method for configuring insecure TLS mode
  • Converted TlsMode from nullable to non-nullable enum with explicit NoTls, InsecureTls, and SecureTls values
  • Updated UseTls property logic to handle both secure and insecure TLS modes

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
sources/Valkey.Glide/ConnectionConfiguration.cs Adds UseInsecureTls property and WithInsecureTls() method; updates UseTls property to handle multiple TLS modes
sources/Valkey.Glide/Internals/FFI.structs.cs Adds InsecureTls enum value and changes TlsMode from nullable to non-nullable type
tests/Valkey.Glide.UnitTests/ConnectionConfigurationTests.cs Adds 5 unit tests for insecure TLS functionality and updates existing TLS tests to verify explicit enum values
tests/Valkey.Glide.UnitTests/ConnectionMultiplexerReadFromMappingTests.cs Updates assertion to verify exact SecureTls mode instead of just non-null
tests/Valkey.Glide.IntegrationTests/TlsTests.cs Adds integration tests for cluster and standalone insecure TLS connections

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

xShinnRyuu
xShinnRyuu reviewed Dec 16, 2025
View reviewed changes
xShinnRyuu
xShinnRyuu reviewed Dec 16, 2025
View reviewed changes
xShinnRyuu
xShinnRyuu reviewed Dec 16, 2025
View reviewed changes
xShinnRyuu
xShinnRyuu reviewed Dec 16, 2025
View reviewed changes
@currantw
Remove unused HasTlsMode attribute
42b678a 
Signed-off-by: currantw <[email protected]>
@currantw
Refactor unit tests to cover all state changes and add tests for `Use…
90b3c6f 
…Tls` and `UseInsecureTls` property setters.

Signed-off-by: currantw <[email protected]>
@currantw
Update documentation for UseInsecureTls to make it more explicit th…
bb83362 
…at TLS much be enabled first.

Signed-off-by: currantw <[email protected]>
@currantw currantw self-assigned this Dec 16, 2025
xShinnRyuu
xShinnRyuu approved these changes Dec 16, 2025
View reviewed changes
Copy link
Collaborator

@xShinnRyuu xShinnRyuu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

xShinnRyuu
xShinnRyuu reviewed Dec 16, 2025
View reviewed changes
@currantw
Restored the HasTlsMode parameter. It is necessary because the corres…
4c4193b 
…ponding parameter on the Rust side is type Option<TlsMode>, so it is needed for Rust to parse the value and causes alignment issues on the Rust side when omitted.

Signed-off-by: currantw <[email protected]>
@currantw
Added tests Standalone_WithInsecureTls_NoTlsServerThrows and `Clust…
9d03eb0 
…er_WithInsecureTls_NoTlsServerThrows` to `TlsTests`.

Signed-off-by: currantw <[email protected]>
xShinnRyuu
xShinnRyuu approved these changes Dec 17, 2025
View reviewed changes
Copy link
Collaborator

@xShinnRyuu xShinnRyuu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM again

@currantw currantw merged commit ecf50be into valkey-io:main Dec 17, 2025
12 checks passed
@currantw currantw deleted the currantw/tls_insecure branch December 17, 2025 02:12
currantw added a commit that referenced this pull request Jan 2, 2026
@currantw
Add support for insecure TLS connections (#164)
9de5530 
Signed-off-by: currantw <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@xShinnRyuu xShinnRyuu xShinnRyuu approved these changes

@yipin-chen yipin-chen yipin-chen approved these changes

@prateek-kumar-improving prateek-kumar-improving prateek-kumar-improving approved these changes

@jduo jduo Awaiting requested review from jduo

@affonsov affonsov Awaiting requested review from affonsov

Assignees

@currantw currantw

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add Support for Insecure TLS Connections

4 participants

@currantw @xShinnRyuu @yipin-chen @prateek-kumar-improving