From ae77c872a0594bc9b4333b715d8367a6d05e4092 Mon Sep 17 00:00:00 2001
From: Starz0r <starz0r@starz0r.com>
Date: Fri, 16 Jul 2021 01:51:09 -0500
Subject: [PATCH] root: celery requires additional parameters when tls is
 enabled (#1148)

---
 authentik/lib/default.yml  | 1 +
 authentik/root/settings.py | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml
index 95abf56ff..4d0d8146c 100644
--- a/authentik/lib/default.yml
+++ b/authentik/lib/default.yml
@@ -16,6 +16,7 @@ redis:
   port: 6379
   password: ''
   tls: false
+  tls_reqs: "none"
   cache_db: 0
   message_queue_db: 1
   ws_db: 2
diff --git a/authentik/root/settings.py b/authentik/root/settings.py
index 003462416..ce2acca78 100644
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@@ -189,8 +189,10 @@ REST_FRAMEWORK = {
 }
 
 REDIS_PROTOCOL_PREFIX = "redis://"
+REDIS_CELERY_TLS_REQUIREMENTS = ""
 if CONFIG.y_bool("redis.tls", False):
     REDIS_PROTOCOL_PREFIX = "rediss://"
+    REDIS_CELERY_TLS_REQUIREMENTS = f"?ssl_cert_reqs={CONFIG.y('redis.tls_reqs')}"
 
 CACHES = {
     "default": {
@@ -340,11 +342,13 @@ CELERY_BROKER_URL = (
     f"{REDIS_PROTOCOL_PREFIX}:"
     f"{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:"
     f"{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.message_queue_db')}"
+    f"{REDIS_CELERY_TLS_REQUIREMENTS}"
 )
 CELERY_RESULT_BACKEND = (
     f"{REDIS_PROTOCOL_PREFIX}:"
     f"{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:"
     f"{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.message_queue_db')}"
+    f"{REDIS_CELERY_TLS_REQUIREMENTS}"
 )
 
 # Database backup