Title: TLS: add CRL-related information to TRANSPORT_FAILURE_REASON
Description:
Currently, operators are responsible for providing and maintaining CRLs used by Envoy proxy. CRL verification checks may fail due to not-yet-ready/expired CRLs or missing CRLs (e.g. for a new CRLDP not previously known to operators).
Similar to previous enhancements that included certificate SANs when SAN validation fails, adding certificate CRLDP and CRL-related error information to the TRANSPORT_FAILURE_REASON can help operators quickly troubleshoot issues.
[optional Relevant Links:]
Title: TLS: add CRL-related information to TRANSPORT_FAILURE_REASON
Description:
Currently, operators are responsible for providing and maintaining CRLs used by Envoy proxy. CRL verification checks may fail due to not-yet-ready/expired CRLs or missing CRLs (e.g. for a new CRLDP not previously known to operators).
Similar to previous enhancements that included certificate SANs when SAN validation fails, adding certificate CRLDP and CRL-related error information to the
TRANSPORT_FAILURE_REASONcan help operators quickly troubleshoot issues.[optional Relevant Links:]