Skip to content

Adding TLS options to Redis & mailer connections#2322

Open
rhclayto wants to merge 4 commits intogo-vikunja:mainfrom
rhclayto:main
Open

Adding TLS options to Redis & mailer connections#2322
rhclayto wants to merge 4 commits intogo-vikunja:mainfrom
rhclayto:main

Conversation

@rhclayto
Copy link
Contributor

@rhclayto rhclayto commented Feb 28, 2026
edited by kolaente
Loading

Resolves #2321
Resolves #2323

@rhclayto rhclayto mentioned this pull request Feb 28, 2026
Open
1 task
@rhclayto rhclayto changed the title Adding TLS options to Redis connection. Adding TLS options to Redis & mailer connections Feb 28, 2026
@rhclayto rhclayto mentioned this pull request Feb 28, 2026
Open
1 task
kolaente
kolaente requested changes Mar 2, 2026
View reviewed changes
Copy link
Member

@kolaente kolaente left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR! Please see my suggestions below.

pkg/config/config.go Outdated
MailerQueuelength Key = `mailer.queuelength`
MailerQueueTimeout Key = `mailer.queuetimeout`
MailerForceSSL Key = `mailer.forcessl`
MailerTLSClientCert Key = `mailer.tlsclientcert`
Copy link
Member

@kolaente kolaente Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This (and the other new variables) should end on path to make it clear that these expect file paths to certs, not actual certificate strings.

@github-actions
Copy link

github-actions bot commented Mar 5, 2026

Preview Deployment

Preview deployments for this PR are available at:

URL Tag Commit
https://pr-2322.preview.vikunja.dev ghcr.io/go-vikunja/vikunja:pr-2322 latest
https://sha-5f75ea633c63075356af9194414ddffacf422057.preview.vikunja.dev ghcr.io/go-vikunja/vikunja:sha-5f75ea633c63075356af9194414ddffacf422057 5f75ea6

The preview environment will start automatically on first visit. Subsequent pushes to this PR will update the pr-2322 image — the preview picks up the new version on restart. The per-commit URLs point to a specific version and will not change.

Run locally with Docker 
docker pull ghcr.io/go-vikunja/vikunja:pr-2322
docker run -p 3456:3456 ghcr.io/go-vikunja/vikunja:pr-2322

Last updated for commit 5f75ea6

@rhclayto rhclayto requested a review from kolaente March 9, 2026 18:00
kolaente
kolaente requested changes Mar 10, 2026
View reviewed changes
pkg/mail/mail.go
//#nosec G402
InsecureSkipVerify: config.MailerSkipTLSVerify.GetBool(),
ServerName: config.MailerHost.GetString(),
MinVersion: tls.VersionTLS12,
Copy link
Member

@kolaente kolaente Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this change?

This is a breaking change, we can't just add it like this.

pkg/red/redis.go
}

if config.RedisTLS.GetBool() {
tlsConfig := &tls.Config{
Copy link
Member

@kolaente kolaente Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems like the two ways the TLS config is set up is pretty much the same for redis and mail, just the inputs are different. Can you make that a helper function?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kolaente kolaente kolaente requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

waiting for reply

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: Add TLS client certificate options to the mailer connection feat: Add TLS options to the Redis connection

2 participants

@rhclayto @kolaente