From 83183b7e4be98bde3ad61f26c729dcfc7022d24d Mon Sep 17 00:00:00 2001
From: Thales Macedo Garitezi
Date: Thu, 10 Nov 2022 11:40:14 -0300
Subject: [PATCH] feat(crl): register CRL URLs when starting TLS listeners

---
 src/emqx_crl_cache.erl | 3 ++-
 src/emqx_listeners.erl | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/emqx_crl_cache.erl b/src/emqx_crl_cache.erl
index d411bc52e..bca18e7a4 100644
--- a/src/emqx_crl_cache.erl
+++ b/src/emqx_crl_cache.erl
@@ -143,7 +143,8 @@ http_get(URL, HTTPTimeout) ->
 ).

 do_http_fetch_and_cache(URL) ->
- %% FIXME
+ ?tp(crl_http_fetch, #{crl_url => URL}),
+ %% FIXME: read from config
 Resp = ?MODULE:http_get(URL, ?HTTP_TIMEOUT),
 case Resp of
 {ok, {{_, 200, _}, _, Body}} ->
diff --git a/src/emqx_listeners.erl b/src/emqx_listeners.erl
index a2a497d8b..0cba44eab 100644
--- a/src/emqx_listeners.erl
+++ b/src/emqx_listeners.erl
@@ -139,6 +139,7 @@ start_listener(Proto, ListenOn, Options0) when Proto == ssl; Proto == tls ->
 ListenerID = proplists:get_value(listener_id, Options0),
 Options1 = proplists:delete(listener_id, Options0),
 Options = emqx_ocsp_cache:inject_sni_fun(ListenerID, Options1),
+ ok = maybe_register_crl_urls(Options),
 start_mqtt_listener('mqtt:ssl', ListenOn, Options);

 %% Start MQTT/WS listener
@@ -300,3 +301,21 @@ find_by_id(Id, [L | Rest]) ->
 true -> L;
 false -> find_by_id(Id, Rest)
 end.
+
+-spec maybe_register_crl_urls([esockd:option()]) -> ok.
+maybe_register_crl_urls(Options) ->
+ CRLOptions = proplists:get_value(crl_options, Options, []),
+ case proplists:get_bool(crl_cache_enabled, CRLOptions) of
+ false ->
+ ok;
+ true ->
+ URLs =
+ lists:usort(
+ [URL
+ || URL <- proplists:get_value(crl_cache_urls, CRLOptions, [])]),
+ lists:foreach(
+ fun(URL) ->
+ emqx_crl_cache:refresh(URL)
+ end,
+ URLs)
+ end.
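Review bot: The rewritten comment in `do_http_fetch_and_cache/1` (src/emqx_crl_cache.erl), `%% FIXME: read from config`, does not say which value is meant to come from config. It sits directly above `?MODULE:http_get(URL, ?HTTP_TIMEOUT)`, so it presumably refers to the timeout; if so, `%% FIXME: read the HTTP timeout from config instead of ?HTTP_TIMEOUT` would make that explicit. The function body continues past the end of the hunk.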
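Review bot: In the ssl/tls clause of `start_listener/3` (src/emqx_listeners.erl), `ok = maybe_register_crl_urls(Options)` runs before `start_mqtt_listener/3`, so the CRL URLs are handed to the cache even when the listener then fails to start. Nothing visible in this patch removes them again when a listener stops. The helper calls `emqx_crl_cache:refresh/1` once per URL; whether that call waits for the HTTP fetch is not visible here, but if it does, an unreachable distribution point would stall or crash TLS listener startup. Once that is confirmed against `emqx_crl_cache`, a comment on the new line such as `%% refresh/1 must return without waiting for the HTTP fetch` would record the expectation.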
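Review bot: In `maybe_register_crl_urls/1` (src/emqx_listeners.erl), `lists:foreach/2` discards whatever `emqx_crl_cache:refresh/1` returns. Unless `refresh/1` reports failures itself, a URL that cannot be fetched at startup leaves no trace on this path and the listener comes up with no CRL cached for it. Whether handshakes then fail open or closed is decided outside this patch and deserves a comment or a log line here. The comprehension `[URL || URL <- proplists:get_value(crl_cache_urls, CRLOptions, [])]` is an identity copy; `URLs = lists:usort(proplists:get_value(crl_cache_urls, CRLOptions, [])),` followed by `lists:foreach(fun emqx_crl_cache:refresh/1, URLs)` says the same thing. The function has a `-spec` but no comment saying that "register" here means triggering one refresh per distinct configured URL.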