diff --git a/src/v/cloud_storage_clients/configuration.cc b/src/v/cloud_storage_clients/configuration.cc
index 536e04b370982..02def489a894d 100644
--- a/src/v/cloud_storage_clients/configuration.cc
+++ b/src/v/cloud_storage_clients/configuration.cc
@@ -53,6 +53,12 @@ build_tls_credentials(
 co_await cred_builder.set_system_trust();
 }
 }
+ if (auto crl_file
+ = config::shard_local_cfg().cloud_storage_crl_file.value();
+ crl_file.has_value()) {
+ co_await cred_builder.set_x509_crl_file(
+ *crl_file, ss::tls::x509_crt_format ::PEM);
+ }
 co_return co_await net::build_reloadable_credentials_with_probe<
 ss::tls::certificate_credentials>(
 std::move(cred_builder), "cloud_storage_client", std::move(name));
diff --git a/src/v/config/configuration.cc b/src/v/config/configuration.cc
index 0de6b13a781fd..ec75a385231f4 100644
--- a/src/v/config/configuration.cc
+++ b/src/v/config/configuration.cc
@@ -1771,6 +1771,13 @@ configuration::configuration()
 {.visibility = visibility::user},
 std::nullopt,
 &validate_non_empty_string_opt)
+ , cloud_storage_crl_file(
+ *this,
+ "cloud_storage_crl_file",
+ "Path to certificate revocation list for cloud_storage_trust_file.",
+ {.visibility = visibility::user},
+ std::nullopt,
+ &validate_non_empty_string_opt)
 , cloud_storage_initial_backoff_ms(
 *this,
 "cloud_storage_initial_backoff_ms",
diff --git a/src/v/config/configuration.h b/src/v/config/configuration.h
index b4d12071bc919..964562c7529ef 100644
--- a/src/v/config/configuration.h
+++ b/src/v/config/configuration.h
@@ -325,6 +325,7 @@ struct configuration final : public config_store {
 property cloud_storage_disable_tls;
 property cloud_storage_api_endpoint_port;
 property> cloud_storage_trust_file;
+ property> cloud_storage_crl_file;
 property cloud_storage_initial_backoff_ms;
 property cloud_storage_segment_upload_timeout_ms;
 property
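Review bot: In `build_tls_credentials` the CRL is loaded after the trust-source block has closed, so it appears to apply whether the trust store came from a configured trust file or from `set_system_trust()`, while the description added in `config/configuration.cc` calls it the revocation list "for cloud_storage_trust_file". A short comment above the new `if` would settle which is intended, for example `// CRL applies to whichever trust store was selected above; PEM only.` It is also worth confirming that the reloadable credentials built on the following line are rebuilt when the CRL file changes on disk, because a list read only at startup would keep accepting a certificate revoked afterwards until the process restarts. The function begins above the hunk, so the trust-file branch is inferred from the two closing braces.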
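Review bot: The description of `cloud_storage_crl_file` in `config/configuration.cc` does not say that the file must be PEM-encoded, although the loader in `cloud_storage_clients/configuration.cc` passes the PEM format unconditionally, so a CRL in another encoding would presumably fail only when credentials are built. I would spell that out, e.g. `"Path to a PEM-encoded certificate revocation list (CRL) used when verifying the cloud storage endpoint's TLS certificate."`. Judging by its name, `validate_non_empty_string_opt` checks only for an empty string, so a wrong or unreadable path is probably not caught at configuration time; if so, a sentence in the description saying when the file is read would help operators. The constructor's initializer list continues outside the hunk.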