feat(crl): register CRL URLs when starting TLS listeners

src/emqx_crl_cache.erl

@@ -143,7 +143,8 @@ http_get(URL, HTTPTimeout) ->
      ).
 
 do_http_fetch_and_cache(URL) ->
-    %% FIXME
+    ?tp(crl_http_fetch, #{crl_url => URL}),
+    %% FIXME: read from config
     Resp = ?MODULE:http_get(URL, ?HTTP_TIMEOUT),
     case Resp of
         {ok, {{_, 200, _}, _, Body}} ->

src/emqx_listeners.erl

@@ -139,6 +139,7 @@ start_listener(Proto, ListenOn, Options0) when Proto == ssl; Proto == tls ->
     ListenerID = proplists:get_value(listener_id, Options0),
     Options1 = proplists:delete(listener_id, Options0),
     Options = emqx_ocsp_cache:inject_sni_fun(ListenerID, Options1),
+    ok = maybe_register_crl_urls(Options),
     start_mqtt_listener('mqtt:ssl', ListenOn, Options);
 
 %% Start MQTT/WS listener
@@ -300,3 +301,21 @@ find_by_id(Id, [L | Rest]) ->
         true -> L;
         false -> find_by_id(Id, Rest)
     end.
+
+-spec maybe_register_crl_urls([esockd:option()]) -> ok.
+maybe_register_crl_urls(Options) ->
+    CRLOptions = proplists:get_value(crl_options, Options, []),
+    case proplists:get_bool(crl_cache_enabled, CRLOptions) of
+        false ->
+            ok;
+        true ->
+            URLs =
+                lists:usort(
+                  [URL
+                   || URL <- proplists:get_value(crl_cache_urls, CRLOptions, [])]),
+            lists:foreach(
+              fun(URL) ->
+                emqx_crl_cache:refresh(URL)
+              end,
+              URLs)
+    end.