From 02bd68431b8b4ccf81121806658eb096a148f119 Mon Sep 17 00:00:00 2001
From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Tue, 4 May 2021 12:22:34 +0200
Subject: [PATCH] DOC: ssl: Add information about crl-file option

When using the crl-file option with multiple Certificate Authority
levels in the CA chain, there must be one CRL per CA or the verify
function on the backend side will raise an "unagle to get certificate
CRL" error (error code 3).

This was required by GitHub issue #1201.
---
 doc/configuration.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 3130e323a..e01637010 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -13373,7 +13373,8 @@ ciphersuites <ciphersuites>
 crl-file <crlfile>
   This setting is only available when support for OpenSSL was built in. It
   designates a PEM file from which to load certificate revocation list used
-  to verify client's certificate.
+  to verify client's certificate. You need to provide a certificate revocation
+  list for every certificate of your certificate authority chain.
 
 crt <cert>
   This setting is only available when support for OpenSSL was built in. It
-- 
2.47.3