Add missing CRL cache support to rabbitmq.conf configuration #15160
Merged
michaelklishin merged 1 commit into rabbitmq:main on Dec 18, 2025
Collaborator
To summarize my feedback from #2338: Otherwise this should mostly plug the CRL option gap we currently have in the TLS-related options.
RabbitMQ's modern `rabbitmq.conf` format does not support the
`crl_cache` SSL option, forcing users to fall back to the legacy
Erlang-style `advanced.config` file for this single setting. This
creates an inconsistent configuration experience when using Certificate
Revocation List (CRL) validation.
This adds schema mappings for `ssl_options.crl_sources` using indexed
syntax. The implementation translates these settings into the required
Erlang term format `{crl_cache, {ssl_crl_cache, {internal,
[Options]}}}`. Two CRL source types are supported: `http` with an
optional `timeout` parameter (defaults to 5000ms), and `dir` with a
required `path` parameter. Validation ensures that only appropriate
options are used with each source type.
Users can now configure multiple CRL sources using indexed syntax:
```
ssl_options.crl_sources.0 = http
ssl_options.crl_sources.0.timeout = 5000
ssl_options.crl_sources.1 = dir
ssl_options.crl_sources.1.path = /var/lib/rabbitmq/crls
```
Fixes rabbitmq#2338
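The validation and translation rules described in the commit message above, sketched in Python as an added example; it is not the project's schema code, which this page does not show. The function names are hypothetical, rejecting options that have no source type is an assumption, and the `{http, Timeout}` and `{dir, Path}` element shapes inside `[Options]` are assumed because the description gives only the outer term.

```python
import re

KEY_RE = re.compile(r"^ssl_options\.crl_sources\.(\d+)(?:\.(\w+))?$")  # <N>[.<option>]
DEFAULT_HTTP_TIMEOUT_MS = 5000                    # default stated in the description
ALLOWED = {"http": {"timeout"}, "dir": {"path"}}  # options permitted per source type
# The configuration shown in the PR description.
SAMPLE = """\
ssl_options.crl_sources.0 = http
ssl_options.crl_sources.0.timeout = 5000
ssl_options.crl_sources.1 = dir
ssl_options.crl_sources.1.path = /var/lib/rabbitmq/crls
"""

def parse_crl_sources(conf_text):
    """Return [(type, value), ...] in index order; raise ValueError on bad input."""
    types, opts = {}, {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        if not raw.strip().startswith("ssl_options.crl_sources"):
            continue                              # unrelated setting, comment or blank
        key, sep, value = (p.strip() for p in raw.partition("="))
        if not ((m := KEY_RE.match(key)) and sep and value):
            raise ValueError(f"line {lineno}: malformed setting {raw!r}")
        idx, opt = int(m.group(1)), m.group(2)
        if opt is not None:
            opts.setdefault(idx, {})[opt] = value
        elif value in ALLOWED:
            types[idx] = value
        else:
            raise ValueError(f"line {lineno}: unknown source type {value!r}")
    sources = []
    for idx in sorted(set(types) | set(opts)):
        kind, given = types.get(idx), opts.get(idx, {})
        extra = sorted(set(given) - ALLOWED.get(kind, set()))
        if kind is None or extra:                 # assumption: options need a type
            raise ValueError(f"crl_sources.{idx}: type {kind!r} does not accept {extra}")
        if kind == "http":
            timeout = given.get("timeout", str(DEFAULT_HTTP_TIMEOUT_MS))
            if not timeout.isdigit():
                raise ValueError(f"crl_sources.{idx}: timeout must be an integer")
            sources.append(("http", int(timeout)))
        elif "path" in given:
            sources.append(("dir", given["path"]))
        else:
            raise ValueError(f"crl_sources.{idx}: dir source requires path")
    return sources

def to_erlang_term(sources):
    # Outer term is from the PR description; the list element shapes are assumed.
    items = ", ".join(f"{{http, {v}}}" if k == "http" else f'{{dir, "{v}"}}' for k, v in sources)
    return f"{{crl_cache, {{ssl_crl_cache, {{internal, [{items}]}}}}}}"
```

Running `to_erlang_term(parse_crl_sources(SAMPLE))` gives the term an operator would otherwise have had to write by hand in `advanced.config`.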
michaelklishin added a commit that referenced this pull request on Dec 18, 2025:
Add missing CRL cache support to `rabbitmq.conf` configuration (backport #15160)