(PUP-11428) Print CRL information

Print information about each CRL in the SSLContext including the issuer for the
CRL. The `crlNumber` is incremented each time a new version is published and
the `authorityKeyIdentifier` identifies the public key corresponding to the
private key that was used to sign the CRL.

Author: joshcooper

lib/puppet/ssl/ssl_provider.rb

@@ -185,6 +185,12 @@ def print(ssl_context, alg = 'SHA256')
           Puppet.debug(_("Verified CA certificate '%{subject}' fingerprint %{digest}") % {subject: cert.subject.to_utf8, digest: digest})
         end
       end
+      ssl_context.crls.each do |crl|
+        oid_values = Hash[crl.extensions.map { |ext| [ext.oid, ext.value] }]
+        crlNumber = oid_values['crlNumber'] || 'unknown'
+        authKeyId = (oid_values['authorityKeyIdentifier'] || 'unknown').chomp!
+        Puppet.debug("Using CRL '#{crl.issuer.to_utf8}' authorityKeyIdentifier '#{authKeyId}' crlNumber '#{crlNumber }'")
+      end
     end
   end