Implement SSL hostname verification

Author: byroot

lib/redis_client/config.rb

@@ -107,6 +107,7 @@ def openssl_context
 
           context = OpenSSL::SSL::SSLContext.new
           context.set_params(params)
+          context.verify_hostname
           context
         end
       end

lib/redis_client/connection.rb

@@ -40,7 +40,7 @@ def initialize(config, connect_timeout:, read_timeout:, write_timeout:)
       )
     rescue Errno::ETIMEDOUT => error
       raise ConnectTimeoutError, error.message
-    rescue SystemCallError => error
+    rescue SystemCallError, OpenSSL::SSL::SSLError => error
       raise ConnectionError, error.message
     end
 

test/fixtures/certs/ca.crt

@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIE5jCCAs4CCQCn/PfBBqJ4SjANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS
+MIIE5jCCAs4CCQDxt6Euaz14TjANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS
 ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjIw
-MzExMTEzNzUwWhcNMzIwMzA4MTEzNzUwWjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0
+NDEzMTEyMzQ3WhcNMzIwNDEwMTEyMzQ3WjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0
 MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB
 AQUAA4ICDwAwggIKAoICAQCvyS8Pw+lnSNHphxVDUE6ogvz/HWulyFpeugWtuitl
 Q8mGho+E0IdkRvP6uS7r31d4XUznYXwbHpQakDuzPbjgXDcRSAtvUOqD79xkn5Ff
@@ -14,16 +14,16 @@ TwSZGW1QKU3YPwdWfFNRYCR1UOCEwAgAa9bpHJrLVoQ1vpx3y2q6xm7lVbUj/yhP
 MWzEG9Sih85AliWHjiKOM0+nc6vyUffxflebeg966B32BtsfcRgT9TJ9O1ppnZFk
 PnR1ZR4duvRY/0nBmtJ49QYaVRGfLCA6+7KOzB6z5FbFCE+g05XWkjSWWymYORFs
 UBGCaCOtd3blaG+U+RkHX+Y3UA9aDtTJ+HxhTyBGg+MagoEsQZc3Zm9ho4lVx0l4
-EQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCWZymhl8iMuArzKj2dwS/8lkHodd44
-tEfnV+2iPXGZmc3SboAWYcBrAQ4lFfi2NhttpJNjyTBHkiOqsdTLWOhcVuKCw1vZ
-HFct3+jloq+gmpUBi4i65rYxiiROONkuG3HevC3xExc+FeqZXYVKK2mo2FP/6HrH
-e4Q52Jtcqop6JeUo9gmawut+reIn2HFO2ZkX8GNuAnWfLIlYwqf68MHJxMEKzTXO
-nbiAaxHvP5oeqAr0u3Lqt88XWr4C70CuqawmsK/Ey5QptXkmLoYtrwRR22VQ3k6H
-yTAna6hcCT1MrdHuE9DE3GbL1fzbwGj1IaE4xVk6kH8NlUOtoTy1RzFgLL5nEzZg
-QjlD6a+FnRRWBkfmmLinpamaCl2RvosKrNKn0+kvYdUHEYUIt9RIzDHaFbf64ay7
-pRIVr0jPc1OZb4aY7p1BSl036pbaPxXowxPlcQLljOI83aGFQq2jaOLzHRNoJDoz
-jNRRevxh1sauguBDBTp/QRr1Ek1MO599mjzxQgHmi2OzXh1OpqELq/34/HBp0a56
-zKdx5Unge4OBli2WZjBcwFrGCAtj5oGoZrZ15Clc3jP00Bm/7dpL2BjsB6sBiyin
-mRePNE3tSJTfAj96/C6Z07cNPSRJL6Pog2711hEOx6yLgYKJSmZrkBRDNqHCzIDK
-HkQ9fn4Q3ZRMrg==
+EQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQAEvbyfpRn7eQ5eSFSfVTXHsLIElrhU
+xqIoPjdK7p48sl846FfMDugA5bNV68y4WxGXy7Uny+HnJAf5kffl7eG5MIyWgb/f
+3jZuLK7oCeRYtjbT9kqelo5GLcP7vhnWI7FxXttrYvzmSgHtfIgaH0wOqeP3mjNI
+OJih93Ju/wrCAUIn8k2uwIbcX5xOtjBq1SRN+bzj8x8Dggur9XrELgQDJ4cVdOEQ
+9l2wthq3yMeAsbXvvw/loWmqPNsw0qGivC9g9ibHsXKWT6tl2BdcHp7wFEq+lasa
+QLTZCNENTLjdcy8xL8N175OvAUTCxC+qPmwP4UnfYh1yEcXFyoQ0YzcKaxxXDzGa
+6JAKKU7PIJ2S4tLpc2AnSUoV6RHXDpAaVPLJdJeWIalf3axhyKtFbfrBAJUUdTNK
+nmcS+Zdw9bC7FpSDy/Ihxn86WluzB3IfzkfcCPBE/snJveNhqzApheaQQ0FRptSC
+k3qkmkIiJWIvkGk5Kd/kwlKT6hQUiZbxUg0po0kV/Gr56MKUcpM7Rk1EWifv8zDr
+zB7QwkGkLwNxIO5x26JUWdiRYJG+krlTCMTCU1xizMdh3suxWD8sKkxUJTjiHtsx
+v5dx/eRKFOeURUjCeT48V5F6x4C9+qcGop/cDGx5zRWaf7LbzVLx/WMVWCIbUa+Z
+RxPkx7LCzXFbCQ==
 -----END CERTIFICATE-----

test/fixtures/certs/ca.txt

@@ -1 +1 @@
-E8E8B1291EDD332F
+E8E8B1291EDD3338

test/fixtures/certs/client.crt

@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEBTCCAe2gAwIBAgIJAOjosSke3TMuMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV
+MIIEAzCCAeugAwIBAgIJAOjosSke3TM3MA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV
 BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe
-Fw0yMjAzMTExMTM3NTBaFw0yMzAzMTExMTM3NTBaMCsxEzARBgNVBAoMClJlZGlz
-IFRlc3QxFDASBgNVBAMMC0NsaWVudC1vbmx5MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEApekIP5Lx+nBQig+q5wDUc2EfSVu1vDEWyQP5pjWrXnmT+yQi
-zmXnoTSSM+6Qzni9oPMbtEuJlSyAaTW7sa7BM7cvwsPIT/IVuN2yVR0LNIeB/dy6
-8wHiaFk3AVPGZaeWFDQ0lsNfqDTrQzTPOBjquO7J8B8Znety9qhGBgjNAKN2eLQh
-AFRnSFU+P0YtVI0yJdHk7JN79VmgElCR5vs3AABQ+Z79zcGYN8eR5KWK0Kx2W2gi
-gjhrva7pKGA6oupPvqS89ciqjGEXzcHZKOTbTgYwuDcPnpKbppTg76GtmS7ieBIK
-IvV2StYyLydUUgMBNKCT8KXCZbhRFqG6zRBuOwIDAQABoyIwIDALBgNVHQ8EBAMC
-BaAwEQYJYIZIAYb4QgEBBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQA+CoaCNWqq
-7Tf7V0E05AWWv8PMpzP/6dSLOz6C3zxWSuNzVoFJmOShxt8OA3Ach4UAnnYTwsWM
-RWq3WDlGl04t1P+sjMr7Gz767ZS/TOFyjF9F4+63Jwld3YIrdswr3cFUdCHrjcmA
-qGpc+sKfE0ipCtOMrZea7FU7UTg/HMMksiqIivukHQaM3NdJB0wumm+2nqhSWwYV
-gvaQLIwlYaBrkDHgnwkH3jwlRza3wV09CBCVzCnE9MQgfO/WBLAjMH4e/4wJwyBv
-Q5VQc91WGhmELJEGHb8IfHNspZ7nC0dqz8rNQ6HPf9o7iSl/dleZy78IyBva/c14
-lMGiJeN234wP3+kWZBPFXpfteYOU6Cs78fJ0AFENSRILCmW3+yTyZGL4YXmy47Zk
-7Ea6v6Bw/KvLNVKhqZKt24r/5V/dsHN4Xgtx/9dh28ajD8FTVg9hkHAT6hNpoowK
-e2XX5IfTiRrHRhkF/89KPHSxosHcA8aIE+YKS+FPHTu+XhaeANsvSt9+WKZlWWvx
-+/1XQiJ4DvzMD27zQ1tIYUTWqPF90JOgjYdbHSmzzQfpv+OUQxyJjfSU/IDjMt/h
-aWzeLGXAtkA+hZyMj1u4xqEOa0W6rz2Qmwv15J7VtI6b7pSG4FgRwaXryEW3aVtW
-7Wg3qyUdg105R7S9jENLZno17tQWZE6+mg==
+Fw0yMjA0MTMxMTIzNDdaFw0yMzA0MTMxMTIzNDdaMCkxEzARBgNVBAoMClJlZGlz
+IFRlc3QxEjAQBgNVBAMMCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKXpCD+S8fpwUIoPqucA1HNhH0lbtbwxFskD+aY1q155k/skIs5l
+56E0kjPukM54vaDzG7RLiZUsgGk1u7GuwTO3L8LDyE/yFbjdslUdCzSHgf3cuvMB
+4mhZNwFTxmWnlhQ0NJbDX6g060M0zzgY6rjuyfAfGZ3rcvaoRgYIzQCjdni0IQBU
+Z0hVPj9GLVSNMiXR5OyTe/VZoBJQkeb7NwAAUPme/c3BmDfHkeSlitCsdltoIoI4
+a72u6ShgOqLqT76kvPXIqoxhF83B2Sjk204GMLg3D56Sm6aU4O+hrZku4ngSCiL1
+dkrWMi8nVFIDATSgk/ClwmW4URahus0QbjsCAwEAAaMiMCAwCwYDVR0PBAQDAgWg
+MBEGCWCGSAGG+EIBAQQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAHT8DHHWpbPn4
+k+dW8rAMARZ8voCygybp79PQDjKGjRgYYnil5zbXPQfoFF9VEMrtSaFEEdT891BZ
+un5H1KuA6ASRQjNk0HVWQ0tQ4vDZTw7tSv0SqcKzWd6BzIn16Syk74bc0ldidQEZ
+uQj0uBEfmP3zKySAru0Iaif82HslSEN4JQ9i1GqRh1RNjQpRz+/eYWlNcuGAJe1f
+gVs7/IDrNEm6hxHQU3ooOjhzwXLpvWMaJrWnooZgW+BTEZKmkZqFNUwatW29bgkt
+UD5Pkf2GOLF4TVRIm2pTte/8uJSS1xpfoFGvBOxTS465WRYJNj9xBIHtPzYM8X8C
+mc4yx7NVCKF/Ncrb5M2tIgUSNthYjRxCb2/s4JKjpA+yhAGRcy6ljqn1zDgDjm3l
+7SXUdEiJltTkEyHgv27iW0+MkBpRD5xRmFlYDRuILRnSGTnztyRmgrN1yDoD48/8
+xVLu62Kq/8xe8dzXI6bNFDiwgpJqRalX6V9nYJ0gkYmSmE/R95otBli1XjR62LuS
+meTKMBlc1DLiwaDGaVM9ePXFQwdCXvUtNsy8HHQKPri9Poi+B3WdxLW7jK7XLoul
+c+hiKRRbgtKWsmE1n8oDXZW9jMFMJ4AXC4jQ6Asce9jwSB6Bi+1lDKV8Vo7CIJzQ
+/A3YXDgoOBNRKxqLo4j1MP2EX6wUi1U=
 -----END CERTIFICATE-----

test/fixtures/certs/redis.crt

@@ -1,23 +1,23 @@
 -----BEGIN CERTIFICATE-----
-MIID3TCCAcUCCQDo6LEpHt0zLzANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS
+MIID2jCCAcICCQDo6LEpHt0zODANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS
 ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjIw
-MzExMTEzNzUxWhcNMjMwMzExMTEzNzUxWjAsMRMwEQYDVQQKDApSZWRpcyBUZXN0
-MRUwEwYDVQQDDAxHZW5lcmljLWNlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDDfYEZNPGrbObu+d1zZsJA88qr4QRyexr5MihOQSAOoxZTUfpos2YY
-isYJn7kmtd/aI0X4Knmt71K9NynRlwp+rsbnCCcc6CXTBd5+qZ6BN85yDv0g51W0
-Yhe+92yD9bLDJ6MGBV0FjalS6EMBJiRPj1ZNbd3F0PG7IhxJqZ+LABDtoZc7U4oU
-XUcg5HnrHuR/7RnVIzZn28rkqqIqkh5lmo4jUhBCxt7c8BLGO5selUPJHQviOSx8
-cKETf7QdJZ5bM4FbNQs7CuuGjyP1M8CxHU97KMrQG2/5MIKtve9fQEt3M/XYChLN
-PxQG53xNXG0bQNcJF3BgxOfeEIk/mzVFAgMBAAEwDQYJKoZIhvcNAQELBQADggIB
-ACh0tonLSJeCadSv0OIudZjOffU3jo1dczNJ5cYPEbrTQaA/zsZQQl+aiFqnA7iC
-lBynv2rd2zSOQAR0mNz6PqaOGBNP5RZSQ9V4+WmA0ibtdEGhjxbCzsBXY+1Epgca
-iUqfW9FhZxx9vNIxhRDTrHhiULHr/VhP6jtNhYI7dL+VA0CUX/RJpSQBu2F/MowF
-gmHGtz3Y+iMPldbhWZIMwKzil+EPU2alVrYGJfaBjbHfaluUJXNkQsUGJSLvXQED
-ToRzveRR7i/gR4y0v1rCgW0KGbhZ4CJeNfvu5aQFiYSU+iyb9aFLXNMiUd0Oqqxq
-BBHYq9UmcEA3BHd0oWx7DwkJNl/SJzSN9PO2tZLGroNtacWZ2/HIz10AJROVOsts
-oQNJoxry/eQo5/Z6rDbPmrzJEvCpuFSDFAZcjFxhWoN6M2lyBlmeVdN4fbFQPBOF
-j/VGE8UWS6YM91VSikoPdyWB5qu0VrlHWLDjTjNmARO+Y5Vvz9C+46mdplQVq/yz
-vP9pImgu31tUlzdfJq0IlLrQ5aKZqwnjwLQ9A2As9CWX/CeAKJiJ+Y65GyT42PI4
-Cun4y/Pc6xvajwbdpfWK5u3dHrSV4ju9s8YF7rFECGoVP1H2RurPTTdgQ63lGTt8
-O8xayTb7mHNkAvLWk7CX9Gv5jP/RYos3nj/ti6gZkaFe
+NDEzMTEyMzQ3WhcNMjMwNDEzMTEyMzQ3WjApMRMwEQYDVQQKDApSZWRpcyBUZXN0
+MRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDDfYEZNPGrbObu+d1zZsJA88qr4QRyexr5MihOQSAOoxZTUfpos2YYisYJ
+n7kmtd/aI0X4Knmt71K9NynRlwp+rsbnCCcc6CXTBd5+qZ6BN85yDv0g51W0Yhe+
+92yD9bLDJ6MGBV0FjalS6EMBJiRPj1ZNbd3F0PG7IhxJqZ+LABDtoZc7U4oUXUcg
+5HnrHuR/7RnVIzZn28rkqqIqkh5lmo4jUhBCxt7c8BLGO5selUPJHQviOSx8cKET
+f7QdJZ5bM4FbNQs7CuuGjyP1M8CxHU97KMrQG2/5MIKtve9fQEt3M/XYChLNPxQG
+53xNXG0bQNcJF3BgxOfeEIk/mzVFAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAFZL
+q3jbuxsSX3CJO1+p3NEAwogX7bGyvVk99QHvVUKFlnTRhrmpxTKvbzd27ahWjR2L
+B/2Dk0onZJBaPUD887XJP8biZlzBhR5rtpTsrKlDjTJrXhoMlXCnJ41EgTk8pyn0
+j6T5P1RKrrbonXqWmF5T2flfb9wRNggow/6DZrJVMk6PGy8VJrTnbR6ppa4dFbmb
+nLt3kimXSxuLLhuDYXNIzJWFvksGfWwYMadnoqILWSeH4X3mwY85WTyx6r975jWW
+Mva7r4K8Cnf51OfLk7BynH6nVm+O3yBat8oMWv531+trUv3siWY3oufaqM7OuLZf
+joyFKndxgS5HMlzAjEwEl8UXzgVHyCTvjKb3hdQDCp8ynsOGDtadXnLWRld0KJ+N
+Z+sbQCxZEOeGAns6H9mhdbgJn+xZwIZdif8fYwL4Z9M2YEyTivLCuuMYbvSgoBwU
+6xtRJp6BbIm0OutMxReG+Jamcs7PJaSjASzIzd2wcP6jPCqk0krhkNC19c+k6Gc6
+RIZ2ZbO9dHJ+kMOEKa1HYuJc7d4xj0GMe+CH7J0QC50h8b1OejoAqREFSloBUV7Q
+WsQ02h46B4cJWLCjHzYKmQ+QZvL0PUfpAP6mxOWH6UTzt0aDO8rQYF0zJrTvOSFL
+Llz8Fhn+evSsXRUnBvzy6iEPUbAJww1um/oNbcsW
 -----END CERTIFICATE-----

test/fixtures/certs/redis.dh

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA+oW/vZAKdLFzHVqOuGMU8K3wEMbyG7EtC77s1lwpCO+SCXDoC9d1
+E/VHEXWk9IkHetUpYRQRNBMfJntBxh4v2TDYhdqwL9FkHrXsik1dz5jbILAminxV
+OJQ5H+qA1y8syQUyXs/DeeVwop3s5J+VeWV7dgNZ4Wi7RoN4rDZTsymIwvzyby9j
+TrM+CP+6Mo7OEM5PuDr6G7jEkDvzkbHf2MXImF+OQOiu4S+dfeiYPDqH7rc4X+i9
+F8XAsZEUCmIUeapcyuHtTTeXQd+ib/vHilB4WjRzPp7Qo/wjehoIq89J2jatH71K
+dHUqy115NDMkYdEM8j60+xQVeuRL5xETSwIBAg==
+-----END DH PARAMETERS-----

test/fixtures/certs/server.crt

@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEBTCCAe2gAwIBAgIJAOjosSke3TMtMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV
+MIIEAzCCAeugAwIBAgIJAOjosSke3TM2MA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV
 BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe
-Fw0yMjAzMTExMTM3NTBaFw0yMzAzMTExMTM3NTBaMCsxEzARBgNVBAoMClJlZGlz
-IFRlc3QxFDASBgNVBAMMC1NlcnZlci1vbmx5MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAwfvzZULN5wJjM1/WVgXKcxy47qEf1jY7ukZT1ecoRJTPZJPI
-wIhxSZISpUYGMa6tSvC3l/2hwxyLhvrGXtILDX1RNTzA9U4H4JXExGsf6FpY7VF/
-c+gPUvvrwozggBk2t6FabNaSLDfpkVDHKS6L8HSKYXT5LksUWO/4adl2ddgq6Yvx
-OdTp/AWLJ/IOk8GLAEFXxpZ/a3qf8pfB0zppODGArBBgqYC5jDbQ3xSvBL70vNOw
-oszs0nfNJ/eZtHkHiJlMKSxiXCliamYYE4MJtZxuoK3/gYMWxGJaXnX1EFPMBr/Q
-6Yc4cESvYSOS1gWnRbk6w/bpi2+IjiYfUFmtlwIDAQABoyIwIDALBgNVHQ8EBAMC
-BaAwEQYJYIZIAYb4QgEBBAQDAgZAMA0GCSqGSIb3DQEBCwUAA4ICAQAQcSYdokUn
-yStu77pk6jWvCT7zMJ0ty0HEZxuXYG/h4OJz50Zc6/l0eR+CfZOgErr88+mAwVoY
-YJtGe+bF2p+NsYv+ruWyZhu5kmSJzDefBcjiUNbLO/M3JLPdbT8mUpv5Y7zxzR1g
-osVyNf+Jps07G9PTrZJZVYO9cE8kjdE+Kiz7DMW+/KZOLLFfKlYPb/lPLF7hKDi5
-z1SfX9z76OigT95OgTZ1LhRyD5xnwSgG6yE6TGOTdxLgeyUFDDsflXbjnRa+W4RU
-GFHXiw/KB240ZasZhDwa98st7wUvZwZSQXxbjwloyT+35X4za0unz9kHgDqNGAN5
-sGLmyH8lbTdh741ovOAyP+vqMA7fDuuxngw0ow8nuM7jKbg0o+f+uWc8wqYLgx3S
-yJgTD5ybO1kNM2o44Kni5IrGZP8ANyLuBRCb7wxHiubYXdLBO2H8dh7LsKGLVqLn
-W4+br80kOlBtyxfLxjiB9rWNNKm3VnhgOzv7K+Qc8pEjrSmfvtcHM0uGkhZS7z9o
-zLNKN1CXWsAXbcGHxL3IUCGXhVQ6ylHW6cbX5S6QwyECWO/7A4QwPHpQU+PkN22U
-JEkTiApehHuOoKB5HjsFBdpme0RJdWyMxDJunj4bOTUlkN51UDubPx3LfXuSs+8J
-ArihDT/CUL1kw7nCpTKv9itIFN3TLqWQfA==
+Fw0yMjA0MTMxMTIzNDdaFw0yMzA0MTMxMTIzNDdaMCkxEzARBgNVBAoMClJlZGlz
+IFRlc3QxEjAQBgNVBAMMCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMH782VCzecCYzNf1lYFynMcuO6hH9Y2O7pGU9XnKESUz2STyMCI
+cUmSEqVGBjGurUrwt5f9ocMci4b6xl7SCw19UTU8wPVOB+CVxMRrH+haWO1Rf3Po
+D1L768KM4IAZNrehWmzWkiw36ZFQxykui/B0imF0+S5LFFjv+GnZdnXYKumL8TnU
+6fwFiyfyDpPBiwBBV8aWf2t6n/KXwdM6aTgxgKwQYKmAuYw20N8UrwS+9LzTsKLM
+7NJ3zSf3mbR5B4iZTCksYlwpYmpmGBODCbWcbqCt/4GDFsRiWl519RBTzAa/0OmH
+OHBEr2EjktYFp0W5OsP26YtviI4mH1BZrZcCAwEAAaMiMCAwCwYDVR0PBAQDAgWg
+MBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQsFAAOCAgEACFLDUtMlSU45
+g5s+x30mqRKJINDepBQHszECn2UgkWW6iQ7Uim7iROrWyGTR8alC9l+lTYgRu+D9
+P819sT7Zr4olBhh9ygeSqCVF/j8Bhzb4J5msAhVh7y8689JLFtyzQ07LeijXfY0o
+n6xMd+MdjyDeWb51LVTxE41Ko14/ahvcHvQ6IaUibmxAKfFDPIfIi1KwFoLp56MP
+kV+7XgFOn/zj81hAKhXXT/SejlFx0MEivGNhJrPyQ3MfGzGgG/cfdEokONxDHdRp
+s1Kqz4yAgtWSgt7xpSqeezSbxPRzusiSKg8rNCOZ6ajJoKx9qDACKhuLa+BOZ/kz
+eq57FLOB6nrsTb82vagT74jfoJEsss14Unz2fKm/deUcBKTmmliQcK9DejmXZF/r
+Dsk7j4kfPUO9I1aY47wYvPueS9bQ8glKa4I4p5OgxczEV9qqtJqAHbytL5iW5cBf
+sURc2QGFzJYxPn9Qxl01gvIOdUMKPQXjnGtd7LoabrXErnXWoU0SwYZXWX7xYG6a
+1z8fXMvdgaOk8r1WwIBna1cB7zgVutth1Cr3LRO9Rrg/NrQqiLzEMOQnNoiWSDJD
+cSuLiSQx9+JCWs4NaY9rig6se99Zv9yx7b1zp4defFVfQ5dglJc+wS7ZEpGsBG58
++vYELCFf4G+vKsowYSGB9S7BgRdmfpQ=
 -----END CERTIFICATE-----

test/fixtures/generate-certs.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# Generate some test certificates which are used by the regression test suite:
+#
+#   test/fixtures/certs/ca.{crt,key}          Self signed CA certificate.
+#   test/fixtures/certs/redis.{crt,key}       A certificate with no key usage/policy restrictions.
+#   test/fixtures/certs/client.{crt,key}      A certificate restricted for SSL client usage.
+#   test/fixtures/certs/server.{crt,key}      A certificate restricted for SSL server usage.
+#   test/fixtures/certs/redis.dh              DH Params file.
+
+generate_cert() {
+    local name=$1
+    local cn="$2"
+    local opts="$3"
+
+    local keyfile=test/fixtures/certs/${name}.key
+    local certfile=test/fixtures/certs/${name}.crt
+
+    [ -f $keyfile ] || openssl genrsa -out $keyfile 2048
+    openssl req \
+        -new -sha256 \
+        -subj "/O=Redis Test/CN=$cn" \
+        -key $keyfile | \
+        openssl x509 \
+            -req -sha256 \
+            -CA test/fixtures/certs/ca.crt \
+            -CAkey test/fixtures/certs/ca.key \
+            -CAserial test/fixtures/certs/ca.txt \
+            -CAcreateserial \
+            -days 365 \
+            $opts \
+            -out $certfile
+}
+
+mkdir -p tests/tls
+[ -f test/fixtures/certs/ca.key ] || openssl genrsa -out test/fixtures/certs/ca.key 4096
+openssl req \
+    -x509 -new -nodes -sha256 \
+    -key test/fixtures/certs/ca.key \
+    -days 3650 \
+    -subj '/O=Redis Test/CN=Certificate Authority' \
+    -out test/fixtures/certs/ca.crt
+
+cat > test/fixtures/certs/openssl.cnf <<_END_
+[ server_cert ]
+keyUsage = digitalSignature, keyEncipherment
+nsCertType = server
+[ client_cert ]
+keyUsage = digitalSignature, keyEncipherment
+nsCertType = client
+_END_
+
+generate_cert server "127.0.0.1" "-extfile test/fixtures/certs/openssl.cnf -extensions server_cert"
+generate_cert client "127.0.0.1" "-extfile test/fixtures/certs/openssl.cnf -extensions client_cert"
+generate_cert redis "127.0.0.1"
+
+[ -f test/fixtures/certs/redis.dh ] || openssl dhparam -out test/fixtures/certs/redis.dh 2048

test/support/client_test_helper.rb

@@ -56,7 +56,6 @@ def ssl_config
       timeout: 0.1,
       ssl: true,
       ssl_params: {
-        verify_hostname: false, # TODO: See if we could actually verify the hostname with our CI and dev setup
         cert: Servers::CERTS_PATH.join("client.crt").to_s,
         key: Servers::CERTS_PATH.join("client.key").to_s,
         ca_file: Servers::CERTS_PATH.join("ca.crt").to_s,