From 5dcb5e2f0fada3623028fb387da5e055ff15a976 Mon Sep 17 00:00:00 2001
From: Jay Herron <NeedleInAJayStack@protonmail.com>
Date: Thu, 9 Oct 2025 11:15:28 -0600
Subject: [PATCH] feat: Clarifies CRL format

This is just to help clarify that the CRL input must match the certificate chain, which was discovered from this stackoverflow: https://stackoverflow.com/questions/17086934/nginx-unable-to-get-certificate-crl
---
 xml/en/docs/http/ngx_http_ssl_module.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xml/en/docs/http/ngx_http_ssl_module.xml b/xml/en/docs/http/ngx_http_ssl_module.xml
index 5334fd02..4aca70c4 100644
--- a/xml/en/docs/http/ngx_http_ssl_module.xml
+++ b/xml/en/docs/http/ngx_http_ssl_module.xml
@@ -447,7 +447,8 @@ might result in unexpected behavior.
 <para>
 Specifies a <value>file</value> with revoked certificates (CRL)
 in the PEM format used to <link id="ssl_verify_client">verify</link>
-client certificates.
+client certificates. If provided, a CRL must be included for each
+certificate in the certificate chain.
 </para>
 
 </directive>