diff --git a/apps/epp_proxy/src/epp_tls_acceptor.erl b/apps/epp_proxy/src/epp_tls_acceptor.erl
index 07854b0..6ef5f3e 100644
--- a/apps/epp_proxy/src/epp_tls_acceptor.erl
+++ b/apps/epp_proxy/src/epp_tls_acceptor.erl
@@ -9,19 +9,25 @@
 -define(CaCertFile,
 case application:get_env(epp_proxy, cacertfile_path) of
 undefined -> undefined;
- {ok, Value} -> Value
+ {ok, CaCertFile} -> CaCertFile
 end).
 -define(CertFile,
 case application:get_env(epp_proxy, certfile_path) of
 undefined -> undefined;
- {ok, Value} -> Value
+ {ok, CertFile} -> CertFile
 end).
 -define(KeyFile,
 case application:get_env(epp_proxy, keyfile_path) of
 undefined -> undefined;
- {ok, Value} -> Value
+ {ok, KeyFile} -> KeyFile
 end).
+-define(CrlFile,
+ case application:get_env(epp_proxy, crlfile_path) of
+ undefined -> undefined;
+ {ok, CrlFile} -> CrlFile
+ end).
+
 %% gen_server callbacks
 -export([init/1, handle_cast/2, handle_call/3, start_link/1]).
@@ -40,7 +46,11 @@ init(Port) ->
 {depth, 1},
 {cacertfile, ?CaCertFile},
 {certfile, ?CertFile},
- {keyfile, ?KeyFile}],
+ {keyfile, ?KeyFile},
+ {crl_check, peer},
+ {crl_cache, {ssl_crl_cache, {internal, [{http, 5000}]}}}],
+
+ ssl_crl_cache:insert({file, ?CrlFile}),
 {ok, ListenSocket} = ssl:listen(Port, Options),
 gen_server:cast(self(), accept),
diff --git a/config/sys.config b/config/sys.config
index 6d5dfa1..d504f81 100644
--- a/config/sys.config
+++ b/config/sys.config
@@ -6,5 +6,6 @@
 {epp_command_url, "https://registry.test/epp/command/"},
 {cacertfile_path, "/opt/shared/ca/certs/ca.crt.pem"},
 {certfile_path, "/opt/shared/ca/certs/cert.pem"},
- {keyfile_path, "/opt/shared/ca/certs/key.pem"}]}
+ {keyfile_path, "/opt/shared/ca/certs/key.pem"},
+ {crlfile_path, "/opt/shared/ca/certs/key.pem"},]}
 ].
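Review bot: The new `?CrlFile` macro, like the three it copies, expands to a `case` whose clause pattern binds a variable (`CrlFile`) inside whatever function uses it, so the rename only avoids the collision between the four macros; a function that expanded the same macro twice would have the second `{ok, CrlFile}` pattern match against the already-bound value instead of binding afresh. `application:get_env/3` gives the same `undefined` default with no `case` and no leaked variable: `-define(CrlFile, application:get_env(epp_proxy, crlfile_path, undefined)).` The same one-line form would also simplify the three macros above it, or a small `env/1` function could replace all four, which is the idiomatic choice over a macro for anything a function can do.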
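Review bot: The result of `ssl_crl_cache:insert({file, ?CrlFile})` is discarded, and `?CrlFile` is `undefined` when `crlfile_path` is not configured, so a missing, unreadable or misconfigured CRL file leaves the internal cache empty while `{crl_check, peer}` stays in force — the mistake then surfaces only later, as client handshakes failing their revocation check (revocation_status_undetermined, if the OTP docs for `crl_check` apply here) instead of at startup. Matching the result, `ok = ssl_crl_cache:insert({file, ?CrlFile}),`, makes init/1 crash on the bad configuration, which is the let-it-crash signal a supervisor can act on. Two further points to confirm outside this hunk: the CRL is loaded once here with no visible refresh path, so it will go stale once its nextUpdate passes; and `{internal, [{http, 5000}]}` lets the handshake fetch CRL distribution points named in the presented certificate over HTTP, i.e. outbound requests to a URL chosen by the certificate holder, so if the file-based CRL is meant to be authoritative, `{internal, []}` is the more conservative choice. init/1 begins before this hunk and continues after it.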
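Review bot: The new `crlfile_path` entry points at `/opt/shared/ca/certs/key.pem`, the same value as `keyfile_path` on the line above — the server's private key, not a CRL — so the acceptor's `ssl_crl_cache:insert({file, ...})` will be handed the key file rather than a revocation list. The added line also ends in `},]}`, a trailing comma before the closing bracket that Erlang term syntax does not accept, so the release will fail to parse sys.config at all. It should read something like `{crlfile_path, "/opt/shared/ca/certs/crl.pem"}]}`, with whatever the real CRL filename is.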