- Correcting SSL Certificate error in celery @startup

2025-09-05 14:03:07 +02:00
parent a6edd5c663
commit d6ea3ba46c
1 changed files with 15 additions and 10 deletions
--- a/common/utils/cache/regions.py
+++ b/common/utils/cache/regions.py
@@ -3,13 +3,12 @@ import time

 from dogpile.cache import make_region
 from urllib.parse import urlparse
-import os


 def get_redis_config(app):
    """
-    Create Redis configuration dict based on app config
-    Handles both authenticated and non-authenticated setups
+    Create Redis configuration dict based on app config.
+    Handles both authenticated and non-authenticated setups.
    """
    # Parse the REDIS_BASE_URI to get all components
    redis_uri = urlparse(app.config['REDIS_BASE_URI'])
@@ -21,7 +20,7 @@ def get_redis_config(app):
        'redis_expiration_time': 3600,
        'distributed_lock': True,
        'thread_local_lock': False,
-        # Ingebouwde connection pooling parameters
+        # Built-in connection pooling parameters
        'connection_pool_class': 'redis.BlockingConnectionPool',
        'connection_pool_class_kwargs': {
            'max_connections': 20,
@@ -31,7 +30,7 @@ def get_redis_config(app):
            'socket_timeout': 5,
        },

-        # Key prefix voor namespace isolation
+        # Key prefix for namespace isolation
        'key_mangler': lambda key: f"cache:workers:{key}"
    }

@@ -42,23 +41,29 @@ def get_redis_config(app):
            'password': redis_uri.password
        })

-    # SSL support using centralized config
+    # SSL support using centralised config
    cert_path = app.config.get('REDIS_CA_CERT_PATH')
    if cert_path and redis_uri.scheme == 'rediss':
        import ssl
        # Create SSL context
        ssl_context = ssl.create_default_context()
+        ssl_context.load_verify_locations(cert_path)
        ssl_context.verify_mode = ssl.CERT_REQUIRED
        ssl_context.check_hostname = app.config.get('REDIS_SSL_CHECK_HOSTNAME', True)
-        ssl_context.load_verify_locations(cert_path)
-        # Add SSL to connection pool kwargs
-        config['connection_pool_class_kwargs']['ssl'] = ssl_context
+
+        # Add SSL to connection pool kwargs (correct for redis-py)
+        config['connection_pool_class_kwargs']['ssl'] = True
+        config['connection_pool_class_kwargs']['ssl_cert_reqs'] = ssl.CERT_REQUIRED
+        config['connection_pool_class_kwargs']['ssl_ca_certs'] = cert_path
+        config['connection_pool_class_kwargs']['ssl_check_hostname'] = app.config.get('REDIS_SSL_CHECK_HOSTNAME', True)
+        # Also pass explicit context (preferred when available)
+        config['connection_pool_class_kwargs']['ssl_context'] = ssl_context

    return config


 def create_cache_regions(app):
-    """Initialize all cache regions with app config"""
+    """Initialise all cache regions with app config"""
    redis_config = get_redis_config(app)
    regions = {}
    startup_time = int(time.time())