config: add client_crl (#2157)

* config: add client_crl * address comments * add ignored file
2025-05-21 21:17:13 +02:00 · 2021-04-30 14:36:32 -06:00 · 2021-04-30 14:36:32 -06:00 · b5b1013947
commit b5b1013947
parent a43d666d56
12 changed files with 404 additions and 215 deletions
--- a/docs/reference/readme.md
+++ b/docs/reference/readme.md
@ -138,6 +138,16 @@ certificates:
 The Client Certificate Authority is the x509 _public-key_ used to validate [mTLS](https://en.wikipedia.org/wiki/Mutual_authentication) client certificates. If not set, no client certificate will be required.


+### Client CRL
+- Environment Variable: `CLIENT_CRL` / `CLIENT_CRL_FILE`
+- Config File Key: `client_crl` / `client_crl_file`
+- Type: [base64 encoded] `string` or relative file location
+- Optional
+
+The Client CRL is the [certificate revocation list](https://en.wikipedia.org/wiki/Certificate_revocation_list)
+(in PEM format) for client certificates. If not set, no CRL will be used.
+
+
 ### Cookie Options

 #### Cookie Name
--- a/docs/reference/settings.yaml
+++ b/docs/reference/settings.yaml
@ -168,6 +168,16 @@ settings:
          - Optional
        doc: |
          The Client Certificate Authority is the x509 _public-key_ used to validate [mTLS](https://en.wikipedia.org/wiki/Mutual_authentication) client certificates. If not set, no client certificate will be required.
+      - name: "Client CRL"
+        keys: ["client_crl", "client_crl_file"]
+        attributes: |
+          - Environment Variable: `CLIENT_CRL` / `CLIENT_CRL_FILE`
+          - Config File Key: `client_crl` / `client_crl_file`
+          - Type: [base64 encoded] `string` or relative file location
+          - Optional
+        doc: |
+          The Client CRL is the [certificate revocation list](https://en.wikipedia.org/wiki/Certificate_revocation_list)
+          (in PEM format) for client certificates. If not set, no CRL will be used.
      - name: "Cookie Options"
        settings:
          - name: "Cookie Name"