Merge pull request #9345 from thalesmg/register-crl-listener-rv44

feat(crl): register CRL URLs when starting TLS listeners
2022-11-10 18:23:38 +01:00 · 2022-11-10 18:23:38 +01:00 · 1774420da0
parent dae7371f3b fbf5764b2d
commit 1774420da0
2 changed files with 22 additions and 1 deletions
--- a/src/emqx_crl_cache.erl
+++ b/src/emqx_crl_cache.erl
@ -143,7 +143,8 @@ http_get(URL, HTTPTimeout) ->
     ).

 do_http_fetch_and_cache(URL) ->
-    %% FIXME
+    ?tp(crl_http_fetch, #{crl_url => URL}),
+    %% FIXME: read from config
    Resp = ?MODULE:http_get(URL, ?HTTP_TIMEOUT),
    case Resp of
        {ok, {{_, 200, _}, _, Body}} ->
--- a/src/emqx_listeners.erl
+++ b/src/emqx_listeners.erl
@ -139,6 +139,7 @@ start_listener(Proto, ListenOn, Options0) when Proto == ssl; Proto == tls ->
    ListenerID = proplists:get_value(listener_id, Options0),
    Options1 = proplists:delete(listener_id, Options0),
    Options = emqx_ocsp_cache:inject_sni_fun(ListenerID, Options1),
+    ok = maybe_register_crl_urls(Options),
    start_mqtt_listener('mqtt:ssl', ListenOn, Options);

 %% Start MQTT/WS listener
@ -300,3 +301,22 @@ find_by_id(Id, [L | Rest]) ->
        true -> L;
        false -> find_by_id(Id, Rest)
    end.
+
+%% @doc Called by Enterprise edition to dynamically reload configs.
+-spec maybe_register_crl_urls([esockd:option()]) -> ok.
+maybe_register_crl_urls(Options) ->
+    CRLOptions = proplists:get_value(crl_options, Options, []),
+    case proplists:get_bool(crl_cache_enabled, CRLOptions) of
+        false ->
+            ok;
+        true ->
+            URLs =
+                lists:usort(
+                  [URL
+                   || URL <- proplists:get_value(crl_cache_urls, CRLOptions, [])]),
+            lists:foreach(
+              fun(URL) ->
+                emqx_crl_cache:refresh(URL)
+              end,
+              URLs)
+    end.