TLS certificate revocation support
Submitted by Dan Winship
We need to support CRLs (certificate revocation lists) in some way.
If there is a standard location for storing CRLs on some distros, we should pick up CRLs there automatically. Likewise, if the GTlsCertificateDB (bug 636572) supports storing CRLs, we should pick those up automatically.
It is not clear that there needs to be an API for adding CRLs; adding CRLs is something that a sysadmin would do (eg, by adding a .crl file to a directory), not that an application user would do.