MCPcopy Index your code
hub / github.com/simstudioai/sim / resolveRedisTlsOptions

Function resolveRedisTlsOptions

apps/sim/lib/core/config/redis.ts:19–38  ·  view source on GitHub ↗

* When REDIS_URL targets a bare IP over `rediss://` (e.g. trigger.dev's * PrivateLink VPCE IP), default TLS hostname verification fails — the cert * is issued for the ElastiCache DNS name, not the IP. Override SNI with * REDIS_TLS_SERVERNAME (set to the DNS the cert was issued for). * * For DNS

(url: string | undefined)

Source from the content-addressed store, hash-verified

17 * For DNS hosts: no override needed, default verification works.
18 */
19function resolveRedisTlsOptions(url: string | undefined): { servername: string } | undefined {
20 if (!url) return undefined
21 let parsed: URL
22 try {
23 parsed = new URL(url)
24 } catch {
25 return undefined
26 }
27 if (parsed.protocol !== 'rediss:') return undefined
28 const hostIsIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(parsed.hostname)
29 if (!hostIsIp) return undefined
30 if (!env.REDIS_TLS_SERVERNAME) {
31 throw new Error(
32 'REDIS_TLS_SERVERNAME must be set when REDIS_URL targets an IP over rediss://. ' +
33 'TLS cert hostname verification cannot match an IP — set REDIS_TLS_SERVERNAME ' +
34 'to the DNS name the cert was issued for (the ElastiCache primary endpoint).'
35 )
36 }
37 return { servername: env.REDIS_TLS_SERVERNAME }
38}
39
40/**
41 * Shared connection defaults — keepAlive, connectTimeout, enableOfflineQueue,

Callers 1

Calls 1

testMethod · 0.80

Tested by

no test coverage detected