DOC: ssl: Add information about crl-file option When using the crl-file option with multiple Certificate Authority levels in the CA chain, there must be one CRL per CA or the verify function on the backend side will raise an "unagle to get certificate CRL" error (error code 3). This was required by GitHub issue #1201.

commit: 02bd68431b8b4ccf81121806658eb096a148f119 [log] [tgz]
author: Remi Tricot-Le Breton <rlebreton@haproxy.com> Tue May 04 12:22:34 2021 +0200
committer: William Lallemand <wlallemand@haproxy.org> Fri May 07 18:31:11 2021 +0200
tree: 45f6a86540ad5c72f0080a0a6ad9f3e91a4cb88b
parent: 90f2c7f41a7167dd54e94909288462658781896d [diff] [blame]
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 3130e32..e016370 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -13373,7 +13373,8 @@
 crl-file <crlfile>
   This setting is only available when support for OpenSSL was built in. It
   designates a PEM file from which to load certificate revocation list used
-  to verify client's certificate.
+  to verify client's certificate. You need to provide a certificate revocation
+  list for every certificate of your certificate authority chain.
 
 crt <cert>
   This setting is only available when support for OpenSSL was built in. It
commit	02bd68431b8b4ccf81121806658eb096a148f119	[log] [tgz]
author	Remi Tricot-Le Breton <rlebreton@haproxy.com>	Tue May 04 12:22:34 2021 +0200
committer	William Lallemand <wlallemand@haproxy.org>	Fri May 07 18:31:11 2021 +0200
tree	45f6a86540ad5c72f0080a0a6ad9f3e91a4cb88b
parent	90f2c7f41a7167dd54e94909288462658781896d [diff] [blame]