From 795a2d96e9cc45da65fe2e13d44805f0f94bdb67 Mon Sep 17 00:00:00 2001
From: Andrew Dunham <adunham@stripe.com>
Date: Tue, 24 Oct 2017 20:20:31 -0700
Subject: [PATCH] Add "crl" field to CertificateValidationContext

Signed-off-by: Andrew Dunham <adunham@stripe.com>
---
 api/sds.proto | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/api/sds.proto b/api/sds.proto
index 393f9f9fc..4155a399a 100644
--- a/api/sds.proto
+++ b/api/sds.proto
@@ -93,6 +93,9 @@ message CertificateValidationContext {
 
   // Must present signed certificate time-stamp.
   google.protobuf.BoolValue require_signed_certificate_timestamp = 6;
+
+  // If specified, Envoy will verify certificates against this CRL.
+  DataSource crl = 7;
 }
 
 // TLS context shared by both client and server TLS contexts.