crl_cache cannot be configured in new format rabbitmq.conf


ya mur

May 11, 2020, 7:08:04 AM
to rabbitmq-users
Hi,

We are currently trying to migrate our rabbitmq 3.6 to 3.8 and are trying to adapt our old rabbitmq.config file into the new format rabbitmq.conf (sysctl format).

Unfortunately, we did not find the equivalent configuration for crl_cache.

In the old config file rabbit.config we have:

{ssl_options, [{cacertfile, "xxxxxxxxxxxxxxxx"},
               {certfile, "xxxxxxxxx"},
               {keyfile, "xxxxxxxxxxx"},
               {depth, 4},
               {verify, verify_peer},
               {fail_if_no_peer_cert, true},
               {crl_check, true},
               {crl_cache, {ssl_crl_cache, {internal, [{http, 5000}]}}}]}

and in the new format rabbitmq.conf:

ssl_options.verify               = verify_peer
ssl_options.fail_if_no_peer_cert = true
ssl_options.crl_check            = true
ssl_options.crl_cache.ssl_crl_cache.internal.http =  5000 (not supported)


Could we know whether our way of configuring this is correct or not, or is crl_cache just not supported in the new conf file? And if so, will it be added in a future release?


Thanks in advance.

Regards,
Yanchao MURONG

Luke Bakken

May 11, 2020, 10:37:40 AM
to rabbitmq-users
Hello,

Configuration via rabbitmq.conf is not supported. You should continue to use rabbitmq.config, or a combination of rabbitmq.conf / advanced.config files.

I have opened this issue. Contributions are welcome - https://github.com/rabbitmq/rabbitmq-server/issues/2338

Thanks,
Luke

ya mur

May 11, 2020, 11:06:47 AM
to rabbitm...@googlegroups.com
Hi Luke,

Thanks for your feedback. 

We actually tried to put this crl_cache into advanced.config but it does not seem to get merged into the effective configuration together with the other part of ssl_options in rabbitmq.conf. Does it mean that we have to put the entire ssl_options into advanced.config in classic mode instead of having some in rabbitmq.conf and some in advanced.config to make it work? Or does it just ignore the ssl_options in advanced.config?

Regards,
Yanchao MURONG


Luke Bakken <lba...@pivotal.io> wrote on Monday, May 11, 2020 at 16:37:

Luke Bakken

May 11, 2020, 11:37:40 AM
to rabbitmq-users
Hello,

Yes, you must put all ssl_options into the advanced.config file. I believe 3.8.4 will merge settings. When it is available, give it a try.

Thanks,
Luke
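
A small consistency check for the situation discussed in this thread, added here as an example (not code from the thread or from the RabbitMQ project): it flags ssl_options that are divided between rabbitmq.conf and advanced.config, and a crl_cache key placed in rabbitmq.conf. The function names and sample file contents are constructed for illustration, and the advanced.config reader is simple bracket matching, not a full Erlang term parser.

```python
import re

# Constructed sample files (not from the thread): TLS options split across both files.
SAMPLE_CONF = """\
listeners.ssl.default = 5671
ssl_options.verify               = verify_peer
ssl_options.fail_if_no_peer_cert = true
ssl_options.crl_check            = true
"""
SAMPLE_ADVANCED = """\
[{rabbit, [{ssl_options, [{crl_cache, {ssl_crl_cache, {internal, [{http, 5000}]}}}]}]}].
"""

def conf_ssl_keys(conf_text):
    """Names of the ssl_options.* keys set in rabbitmq.conf-style text."""
    pat = re.compile(r"\s*ssl_options\.([\w.]+)\s*=")
    hits = (pat.match(line.split("#", 1)[0]) for line in conf_text.splitlines())
    return [m.group(1) for m in hits if m]

def advanced_ssl_keys(adv_text):
    """Top-level option names in the first {ssl_options, [...]} list (bracket matching only)."""
    text = re.sub(r"%.*", "", adv_text)           # drop Erlang comments
    m = re.search(r"\{\s*ssl_options\s*,\s*\[", text)
    keys, depth, i = [], 1, m.end() if m else len(text)
    while i < len(text) and depth > 0:
        c = text[i]
        if c == '"':                              # skip string literals (file paths)
            j = text.find('"', i + 1)
            i = len(text) if j < 0 else j
        elif c in "[{":
            k = re.match(r"\{\s*(\w+)", text[i:]) if depth == 1 else None
            keys.extend(k.groups() if k else ())  # record the option name of a top-level tuple
            depth += 1
        elif c in "]}":
            depth -= 1
        i += 1
    return keys

def check_split(conf_text, adv_text):
    """Return (code, keys) findings for TLS options divided between the files."""
    conf, adv = conf_ssl_keys(conf_text), advanced_ssl_keys(adv_text)
    findings = []
    unsupported = sorted(k for k in conf if k.startswith("crl_cache"))
    if unsupported:          # the thread: no rabbitmq.conf key exists for crl_cache
        findings.append(("crl_cache_in_conf", unsupported))
    only_conf = sorted({k.split(".")[0] for k in conf} - set(adv))
    if adv and only_conf:    # the thread: all ssl_options belong in advanced.config
        findings.append(("move_to_advanced", only_conf))
    return findings
```

The check applies to versions where the two files are not merged; an empty result means every ssl_options entry lives in one place.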

M K

May 11, 2020, 12:04:45 PM
to rabbitmq-users
We make no promises as to whether future versions will support CRL options as they are nearly undocumented in Erlang.

You can now watch [1], however.
