From 7d7d1ae6a0528fb9d001de6c4f8dc8a29268eeb5 Mon Sep 17 00:00:00 2001
From: Anthony Romano <anthony.romano@coreos.com>
Date: Thu, 15 Jun 2017 18:25:35 -0700
Subject: [PATCH] etcdmain: configure CRL file through command line

---
 etcdmain/config.go | 2 ++
 etcdmain/help.go   | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/etcdmain/config.go b/etcdmain/config.go
index 8f257e0ef..99e0d7136 100644
--- a/etcdmain/config.go
+++ b/etcdmain/config.go
@@ -179,6 +179,7 @@ func newConfig() *config {
 	fs.StringVar(&cfg.ClientTLSInfo.CertFile, "cert-file", "", "Path to the client server TLS cert file.")
 	fs.StringVar(&cfg.ClientTLSInfo.KeyFile, "key-file", "", "Path to the client server TLS key file.")
 	fs.BoolVar(&cfg.ClientTLSInfo.ClientCertAuth, "client-cert-auth", false, "Enable client cert authentication.")
+	fs.StringVar(&cfg.ClientTLSInfo.CRLFile, "client-crl-file", "", "Path to the client certificate revocation list file.")
 	fs.StringVar(&cfg.ClientTLSInfo.TrustedCAFile, "trusted-ca-file", "", "Path to the client server TLS trusted CA key file.")
 	fs.BoolVar(&cfg.ClientAutoTLS, "auto-tls", false, "Client TLS using generated certificates")
 	fs.StringVar(&cfg.PeerTLSInfo.CAFile, "peer-ca-file", "", "DEPRECATED: Path to the peer server TLS CA file.")
@@ -187,6 +188,7 @@ func newConfig() *config {
 	fs.BoolVar(&cfg.PeerTLSInfo.ClientCertAuth, "peer-client-cert-auth", false, "Enable peer client cert authentication.")
 	fs.StringVar(&cfg.PeerTLSInfo.TrustedCAFile, "peer-trusted-ca-file", "", "Path to the peer server TLS trusted CA file.")
 	fs.BoolVar(&cfg.PeerAutoTLS, "peer-auto-tls", false, "Peer TLS using generated certificates")
+	fs.StringVar(&cfg.PeerTLSInfo.CRLFile, "peer-crl-file", "", "Path to the peer certificate revocation list file.")
 
 	// logging
 	fs.BoolVar(&cfg.Debug, "debug", false, "Enable debug-level logging for etcd.")
diff --git a/etcdmain/help.go b/etcdmain/help.go
index cbead2e80..c82040ea2 100644
--- a/etcdmain/help.go
+++ b/etcdmain/help.go
@@ -128,6 +128,8 @@ security flags:
 		path to the client server TLS key file.
 	--client-cert-auth 'false'
 		enable client cert authentication.
+	--client-crl-file ''
+		path to the client certificate revocation list file.
 	--trusted-ca-file ''
 		path to the client server TLS trusted CA key file.
 	--auto-tls 'false'
@@ -144,6 +146,8 @@ security flags:
 		path to the peer server TLS trusted CA file.
 	--peer-auto-tls 'false'
 		peer TLS using self-generated certificates if --peer-key-file and --peer-cert-file are not provided.
+	--peer-crl-file ''
+		path to the peer certificate revocation list file.
 
 logging flags