proposal: crypto/tls: support for checking certificate chains against CRL revocation #68573
Description
Proposal Details
Provide an external api which can take a list of CRL and X509 certificate chain/s and does CRL validation as done in the following code flow:
https://github.com/grpc/grpc-go/blob/master/security/advancedtls/advancedtls.go#L579
the pointer to CRLs can be part of x509 verify options as well which is used in certificate.Verify() call.
https://pkg.go.dev/crypto/x509#Certificate.Verify
https://pkg.go.dev/crypto/x509#VerifyOptions