tlshd: Add x509.crl option to man page.

Update the tlshd.conf man page to include the x509.crl option
available in the authenticate.server and authenticate.client
sections.

Signed-off-by: Rik Theys <[email protected]>
Signed-off-by: Chuck Lever <[email protected]>

Author: rtheys

src/tlshd/tlshd.conf

@@ -30,10 +30,12 @@ nl=0
 
 [authenticate.client]
 #x509.truststore= <pathname>
+#x509.crl= <pathname>
 #x509.certificate= <pathname>
 #x509.private_key= <pathname>
 
 [authenticate.server]
 #x509.truststore= <pathname>
+#x509.crl= <pathname>
 #x509.certificate= <pathname>
 #x509.private_key= <pathname>

src/tlshd/tlshd.conf.man

@@ -100,7 +100,7 @@ and it consults the settings in the
 .I [server]
 subsection when handling the server end of a handshake.
 .P
-In each of these two subsections, there are three available options:
+In each of these two subsections, there are four available options:
 .TP
 .B x509.truststore
 This option specifies the pathname of a file containing a
@@ -110,6 +110,13 @@ If this option is not specified,
 .B tlshd
 uses the system's trust store.
 .TP
+.B x509.crl
+This option specifies the pathname of a file containing
+PEM-encoded certificate revocation lists (CRL) that are to be
+used to verify the revocation status of certificates during
+each handshake.
+If this option is not specified, CRL checking is skipped.
+.TP
 .B x509.certificate
 This option specifies the pathname of a file containing
 a PEM-encoded x.509 certificate that is to be presented during