mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Make sure it's clear to avoid VERIFY_NONE generally

We don't want to make this easily copy&paste-able to avoid people
unnecessarily using this mode without fully understanding the
implications.

Also updated the docs to link to ruby-lang.org version for OpenSSL.
Zachary Scott 2021-05-18 07:37:30 +09:00
parent 4b1d38980a
commit fa41244f8e

@ -723,7 +723,7 @@ The Redis adapter requires users to provide a URL pointing to the Redis server.
Additionally, a `channel_prefix` may be provided to avoid channel name collisions
when using the same Redis server for multiple applications. See the [Redis PubSub documentation](https://redis.io/topics/pubsub#database-amp-scoping) for more details.
The Redis adapter also support SSL/TLS connections. The required SSL/TLS parameters can be be passed in `ssl_params` key in the configuration yaml file.
The Redis adapter also supports SSL/TLS connections. The required SSL/TLS parameters can be be passed in `ssl_params` key in the configuration yaml file.
```
production:
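Review bot: The rewritten sentence about `ssl_params` still reads "can be be passed", with a doubled "be". Since this line is already being changed to fix "support", drop the duplicate in the same edit, and consider "in the `ssl_params` key" and "YAML file" while you are there.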
@ -735,20 +735,12 @@ production:
}
```
The options given to `ssl_params` are passed directly to the OpenSSL::SSL::SSLContext#set_params method and can be any valid attribute of the SSL context.
Please see [OpenSSL::SSL::SSLContext documentation](https://ruby-doc.org/stdlib-2.7.0/libdoc/openssl/rdoc/OpenSSL/SSL/SSLContext.html) for other available
attributes. If you are using self signed certificates for redis adapter under a firewall and opt to skip certificate check, then the ssl `verify_mode` should be
set as OpenSSL::SSL::VERIFY_NONE.
The options given to `ssl_params` are passed directly to the `OpenSSL::SSL::SSLContext#set_params` method and can be any valid attribute of the SSL context.
Please refer to the [OpenSSL::SSL::SSLContext documentation](https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html) for other available attributes.
```
production:
adapter: redis
url: rediss://10.10.3.153:tls_port
channel_prefix: appname_production
ssl_params: {
verify_mode: <%= OpenSSL::SSL::VERIFY_NONE %>
}
```
If you are using self-signed certificates for redis adapter behind a firewall and opt to skip certificate check, then the ssl `verify_mode` should be set as `OpenSSL::SSL::VERIFY_NONE`.
WARNING: It is not recommended to use `VERIFY_NONE` in production unless you absolutely understand the security implications. In order to set this option for the Redis adapter, the config should be `ssl_params: { <%= OpenSSL::SSL::VERIFY_NONE %> }`.
##### PostgreSQL Adapter
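Review bot: The inline snippet in the WARNING paragraph, `ssl_params: { <%= OpenSSL::SSL::VERIFY_NONE %> }`, has no `verify_mode:` key, so it does not match the setting named in the sentence before it ("the ssl `verify_mode` should be set as ..."). If the sentence says "the config should be", the value shown should be correct: `ssl_params: { verify_mode: <%= OpenSSL::SSL::VERIFY_NONE %> }`, as in the removed example. The warning would also carry more weight if it stated the implication in one clause (the server certificate is not checked at all, so the TLS connection does not authenticate the Redis server) and pointed self-signed deployments at trusting their own CA through the context attributes in the linked `OpenSSL::SSL::SSLContext` documentation, such as `ca_file`, before reaching for `VERIFY_NONE`. Minor: "redis adapter" is lowercase here but "Redis adapter" everywhere else in the section.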