From c035fd8624dde5f369601046422aeecba577e116 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=96=87=E8=96=87=E5=AE=89?= Date: Sun, 18 Jan 2026 10:28:09 +0800 Subject: [PATCH] a --- backend/config_manager.py | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/backend/config_manager.py b/backend/config_manager.py index 52cd64f..a27942b 100644 --- a/backend/config_manager.py +++ b/backend/config_manager.py @@ -100,6 +100,7 @@ class ConfigManager: logger.info(f"已自动转换Redis URL为TLS格式: {redis_url}") # 解析Redis URL +<<<<<<< Current (Your changes) if redis_url.startswith('rediss://') or redis_use_tls: # TLS连接 import ssl @@ -119,6 +120,42 @@ class ConfigManager: password=redis_password, decode_responses=True ) +======= + # redis-py的同步客户端也支持通过ssl_cert_reqs等参数配置TLS + # 当URL是rediss://时,会自动启用SSL + connection_kwargs = { + 'username': redis_username, + 'password': redis_password, + 'decode_responses': True + } + + if redis_url.startswith('rediss://') or redis_use_tls: + # TLS连接 - 使用redis-py支持的SSL参数 + # 从环境变量获取SSL配置(如果未设置,使用默认值) + ssl_cert_reqs = os.getenv('REDIS_SSL_CERT_REQS', 'required') + ssl_ca_certs = os.getenv('REDIS_SSL_CA_CERTS', None) + + # 设置SSL参数 + connection_kwargs['ssl_cert_reqs'] = ssl_cert_reqs + if ssl_ca_certs: + connection_kwargs['ssl_ca_certs'] = ssl_ca_certs + + # 根据ssl_cert_reqs设置主机名验证 + if ssl_cert_reqs == 'none': + connection_kwargs['ssl_check_hostname'] = False + elif ssl_cert_reqs == 'required': + connection_kwargs['ssl_check_hostname'] = True + else: # optional + connection_kwargs['ssl_check_hostname'] = False + + logger.info(f"使用 TLS 连接 Redis: {redis_url} (ssl_cert_reqs={ssl_cert_reqs})") + + # 创建Redis客户端(同步) + self._redis_client = redis.from_url( + redis_url, + **connection_kwargs + ) +>>>>>>> Incoming (Background Agent changes) # 测试连接 self._redis_client.ping()