Add missing CRL cache support to rabbitmq.conf configuration (backport #15160) #15161
Merged
michaelklishin merged 1 commit into v4.2.x (Dec 18, 2025)
RabbitMQ's modern `rabbitmq.conf` format does not support the
`crl_cache` SSL option, forcing users to fall back to the legacy
Erlang-style `advanced.config` file for this single setting. This
creates an inconsistent configuration experience when using Certificate
Revocation List (CRL) validation.
This adds schema mappings for `ssl_options.crl_sources` using indexed
syntax. The implementation translates these settings into the required
Erlang term format `{crl_cache, {ssl_crl_cache, {internal,
[Options]}}}`. Two CRL source types are supported: `http` with an
optional `timeout` parameter (defaults to 5000ms), and `dir` with a
required `path` parameter. Validation ensures that only appropriate
options are used with each source type.
Users can now configure multiple CRL sources using indexed syntax:
```
ssl_options.crl_sources.0 = http
ssl_options.crl_sources.0.timeout = 5000
ssl_options.crl_sources.1 = dir
ssl_options.crl_sources.1.path = /var/lib/rabbitmq/crls
```
Fixes #2338
(cherry picked from commit 4fb58bc)
This is an automatic backport of pull request #15160 done by Mergify.
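The per-type rules in the description can be checked before a config is deployed. The following is an added example, not code from this pull request or from RabbitMQ: a small linter for the `ssl_options.crl_sources` keys, where `check_crl_sources`, `GOOD` and `BAD` are hypothetical names and the rule tables are this example's reading of the description (an assumption), not the actual schema.

```python
import re

# Key shape from the PR description: ssl_options.crl_sources.<index>[.<option>]
KEY = re.compile(r"^ssl_options\.crl_sources\.(\d+)(?:\.(\w+))?$")
# Per-type rules as this example reads the description (an assumption, not the schema).
ALLOWED = {"http": {"timeout"}, "dir": {"path"}}
REQUIRED = {"http": set(), "dir": {"path"}}
DEFAULTS = {"http": {"timeout": "5000"}, "dir": {}}

def check_crl_sources(conf_text):
    """Return (sources, errors) for the crl_sources keys in rabbitmq.conf text."""
    types, opts, errors = {}, {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue  # comment line or not a key = value setting
        key, value = (part.strip() for part in line.split("=", 1))
        m = KEY.match(key)
        if not m:
            continue  # unrelated setting
        idx, opt = int(m.group(1)), m.group(2)
        if opt is None:
            types[idx] = value  # the bare indexed key names the source type
        else:
            opts.setdefault(idx, {})[opt] = value
    sources = []
    for idx in sorted(set(types) | set(opts)):
        kind, given = types.get(idx), opts.get(idx, {})
        if kind not in ALLOWED:
            errors.append(f"crl_sources.{idx}: missing or unknown type {kind!r}")
            continue
        for opt in sorted(set(given) - ALLOWED[kind]):
            errors.append(f"crl_sources.{idx}: '{opt}' is not valid for {kind}")
        for opt in sorted(REQUIRED[kind] - set(given)):
            errors.append(f"crl_sources.{idx}: {kind} requires '{opt}'")
        if kind == "http" and not given.get("timeout", "5000").isdigit():
            errors.append(f"crl_sources.{idx}: timeout must be an integer (ms)")
        sources.append((kind, {**DEFAULTS[kind], **given}))  # values kept as strings
    return sources, errors

# Constructed sample inputs: GOOD is the snippet from the description, BAD breaks two rules.
GOOD = """ssl_options.crl_sources.0 = http
ssl_options.crl_sources.0.timeout = 5000
ssl_options.crl_sources.1 = dir
ssl_options.crl_sources.1.path = /var/lib/rabbitmq/crls
"""
BAD = """ssl_options.crl_sources.0 = http
ssl_options.crl_sources.0.path = /tmp/crls
ssl_options.crl_sources.1 = dir
"""
```

A non-empty error list from `check_crl_sources` means the broker's own schema validation is likely to reject the file as well, so a deployment pipeline can stop before a node is restarted with a CRL configuration that does not load.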