Hello.
Have you thought about implementing the feature to check CRLs for few certificates simultaneously?
For instance I'm authenticating users with certificates. There are few CAs:
ca1.cert.com
ca2.cert.com
caN.cert.com
I have few corresponding CRLs.
In Apache you can just use capath dir, where all your CAs and CRLs are stored. After CRL is updated apache just needs to be reloaded.
In nginx there is no way you can do this.
--
Regards,
Sergey