The desired behavior for client certificate revocation checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "allow-valid". The allowed values and their meaning are:
"allow-all" - Allow the client to authenticate, the result of client certificate revocation check is ignored.
"allow-unknown" - Allow the client to authenticate even if the revocation status of his certificate cannot be determined.
"allow-valid" - Allow the client to authenticate only when the revocation check returned an explicit positive response.
The desired behavior for client certificate revocation checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is
"allow-valid". The allowed values and their meaning are:Available since 2.6.