From cd053a28d47e72daaa500fc46bb39e15fa11eabf Mon Sep 17 00:00:00 2001
From: Thales Macedo Garitezi
Date: Tue, 8 Nov 2022 14:21:18 -0300
Subject: [PATCH] docs(crl): add config docs for CRL options
---
 etc/emqx.conf | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/etc/emqx.conf b/etc/emqx.conf
index 9d26e7b46..c9bcb7b59 100644
--- a/etc/emqx.conf
+++ b/etc/emqx.conf
@@ -1549,6 +1549,32 @@ listener.ssl.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
 ## Value: Duration
 ## listener.ssl.external.ocsp_refresh_http_timeout = 15s
 
+## Whether to enable CRL verification and caching for this listener.
+## If set to true, requires specifying the CRL server URLs.
+##
+## Value: boolean
+## Default: false
+## listener.ssl.external.enable_crl_cache = true
+
+## Comma-separated URL list for CRL servers to fetch and cache CRLs
+## from. Must include the path to the CRL file(s).
+##
+## Value: String
+## listener.ssl.external.crl_cache_urls = http://my.crl.server/intermediate.crl.pem, http://my.other.crl.server/another.crl.pem
+
+## The timeout for the HTTP request when fetching CRLs.
+##
+## Value: Duration
+## Default: 15 s
+## listener.ssl.external.crl_cache_http_timeout = 15s
+
+## The period to refresh the CRLs from the servers. This is global
+## for all URLs and listeners.
+##
+## Value: Duration
+## Default: 15 m
+## crl_cache.refresh_interval = 15m
+
 ## The Ephemeral Diffie-Helman key exchange is a very effective way of
 ## ensuring Forward Secrecy by exchanging a set of keys that never hit
 ## the wire. Since the DH key is effectively signed by the private key,
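Review bot: The comment block added for `listener.ssl.external.enable_crl_cache` does not say what the listener does with a client handshake when a CRL cannot be fetched, the request exceeds `crl_cache_http_timeout`, or the cached CRL is stale between refreshes, so an operator cannot tell from this file whether revocation checking fails open or closed. I would add one line under the first block stating that behaviour, along the lines of `## If no valid CRL is available, the connection is <accepted|rejected>.`, with the placeholder filled in from the implementation. The same block says the URLs are required but does not name the key; `## If set to true, listener.ssl.external.crl_cache_urls must also be set.` would be clearer. `crl_cache.refresh_interval` is described as global yet sits among the `listener.ssl.external.*` keys, and the defaults are written `15 s` / `15 m` while the examples use `15s` / `15m`; using the example spelling avoids a copy-paste that may not parse.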