Remove SSL parameters from Redis connection logging to avoid exception

Changes.md

@@ -2,6 +2,11 @@
 
 [Sidekiq Changes](https://github.com/mperham/sidekiq/blob/master/Changes.md) | [Sidekiq Pro Changes](https://github.com/mperham/sidekiq/blob/master/Pro-Changes.md) | [Sidekiq Enterprise Changes](https://github.com/mperham/sidekiq/blob/master/Ent-Changes.md)
 
+Unreleased
+---------
+
+- Avoid exception dumping SSL store in Redis connection logging [#4532]
+
 6.0.7
 ---------
 

lib/sidekiq/redis_connection.rb

@@ -97,7 +97,7 @@ def log_info(options)
         redacted = "REDACTED"
 
         # deep clone so we can muck with these options all we want
-        scrubbed_options = Marshal.load(Marshal.dump(options))
+        scrubbed_options = Marshal.load(Marshal.dump(options.except(:ssl_params)))
         if scrubbed_options[:url] && (uri = URI.parse(scrubbed_options[:url])) && uri.password
           uri.password = redacted
           scrubbed_options[:url] = uri.to_s

test/test_redis_connection.rb

@@ -197,8 +197,8 @@ def server_connection(*args)
             { host: 'host1', port: 26379, password: 'secret'},
             { host: 'host2', port: 26379, password: 'secret'},
             { host: 'host3', port: 26379, password: 'secret'},
-           ],
-           password: 'secret'
+          ],
+          password: 'secret'
         }
 
         output = capture_logging do
@@ -211,6 +211,21 @@ def server_connection(*args)
         assert_includes(output, ':host=>"host3", :port=>26379, :password=>"REDACTED"')
         assert_includes(output, ':password=>"REDACTED"')
       end
+
+      it 'prunes SSL parameters from the logging' do
+        options = {
+          ssl_params: {
+            cert_store: OpenSSL::X509::Store.new
+          }
+        }
+
+        output = capture_logging do
+          Sidekiq::RedisConnection.create(options)
+        end
+
+        assert_includes(options.inspect, "ssl_params")
+        refute_includes(output, "ssl_params")
+      end
     end
   end