Changing the default value for ssl_check_hostname to True, to ensure security validations are not skipped by default by petyaslavova · Pull Request #3626 · redis/redis-py
Pull Request Overview
This PR changes the default value for ssl_check_hostname from False to True to enforce stricter security validations by default. Key changes include updating the default in production code (in redis/connection.py, redis/client.py, and their asyncio equivalents) while tests and examples explicitly override the value for backward compatibility or simulation of insecure scenarios.
- Production connection and client constructors now default to ssl_check_hostname=True.
- Tests and examples explicitly pass ssl_check_hostname=False to simulate non-secure connections.
- Documentation examples have been updated to reflect the new production default.
Reviewed Changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| tests/test_ssl.py | Added explicit override of ssl_check_hostname for SSL connection tests |
| tests/test_connect.py; test_asyncio files | Modified connection parameter overrides to include ssl_check_hostname=False in tests |
| redis/connection.py, redis/client.py, etc. | Updated default ssl_check_hostname parameter from False to True |
| docs/examples/ssl_connection_examples.ipynb | Updated examples to include ssl_check_hostname parameter explicitly |
Comments suppressed due to low confidence (1)
redis/connection.py:1031
- Changing the default to True enhances security by ensuring hostname validation; verify that any integrations or custom overrides still function as expected.
ssl_check_hostname: bool = True,
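
An added example, not code from this PR or from redis-py: using only Python's standard `ssl` module, it shows which peer-certificate checks result from each combination of a hostname-check flag and a certificate-requirement mode, and why a caller that turns certificate verification off has to turn the hostname check off explicitly as well. The helper names (`build_client_context`, `describe`, `matrix`), the string mode names and the order in which the two settings are applied are assumptions of this example.

```python
import ssl

# Mode names accepted here are an assumption of this example.
CERT_MODES = {
    "none": ssl.CERT_NONE,
    "optional": ssl.CERT_OPTIONAL,
    "required": ssl.CERT_REQUIRED,
}


def build_client_context(check_hostname=True, cert_reqs="required"):
    """Hypothetical helper: build a client TLS context from two settings."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # The hostname flag is applied first, so a later CERT_NONE is rejected
    # by the ssl module while hostname checking is still enabled.
    ctx.check_hostname = check_hostname
    ctx.verify_mode = CERT_MODES[cert_reqs]
    return ctx


def describe(check_hostname, cert_reqs):
    """Return what the peer certificate is checked against, or the error."""
    try:
        ctx = build_client_context(check_hostname, cert_reqs)
    except ValueError as exc:
        return f"rejected: {exc}"
    if ctx.verify_mode == ssl.CERT_NONE:
        return "no verification"
    if ctx.check_hostname:
        return "chain + hostname"
    # Chain is validated, but a certificate issued for any other name
    # by a trusted CA would still be accepted.
    return "chain only"


def matrix():
    """Evaluate every combination of the two settings."""
    return {
        (ch, reqs): describe(ch, reqs)
        for ch in (True, False)
        for reqs in ("required", "optional", "none")
    }


if __name__ == "__main__":
    for (ch, reqs), outcome in matrix().items():
        print(f"check_hostname={ch!s:<5} cert_reqs={reqs:<8} -> {outcome}")
```

The "chain only" rows are the combinations a review should look for wherever a hostname override is passed explicitly, since they accept any certificate from a trusted CA regardless of the name it was issued for.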