Type: Feature Request
Resolution: Unresolved
Priority: Major
1. Proposed title of this feature request
Support CRLs when configuring OCP IDPs
2. What is the nature and description of the request?
When setting up Identity Providers for OCP, a CA bundle is often provided, but it is not possible to pass a CRL. If a CRL is in use, the docs do not seem to mention how it would be consumed.
3. Why does the customer need this? (List the business requirements here)
This is not a request backed by a customer, but a requirement for reaching compliance with FedRAMP Moderate. Some controls, like IA-5(2), require a CRL or OCSP:
The information system, for PKI-based authentication:
(a) Validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information;
(b) Enforces authorized access to the corresponding private key;
(c) Maps the authenticated identity to the account of the individual or group; and
(d) *Implements a local cache of revocation data to support path discovery and validation in case of inability to access revocation information via the network.*
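As an added illustration (not code from this ticket or from OpenShift), the Go program below builds a constructed test PKI with the standard library and shows the difference between the two checks: chain verification against a CA bundle, which is what an IdP CA bundle gives you today, and the same verification followed by a CRL lookup, which is what IA-5(2)(a) asks for. The CA name, the idp.example.test subject, and the functions newTestPKI, verifyWithCRL and Outcomes are assumptions made for the example; the revoked serial is planted in the constructed CRL.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrRevoked = errors.New("certificate is revoked") // leaf serial found in the issuer's CRL

// must aborts the demo on any error while building the constructed PKI.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newTestPKI builds a constructed CA (standing in for the IdP CA bundle), a leaf it issued
// for a hypothetical IdP, and a CRL it signed, optionally listing the leaf as revoked.
func newTestPKI(revokeLeaf bool, now time.Time) (roots *x509.CertPool, leaf *x509.Certificate, crlDER []byte) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Hypothetical IdP Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CRLSign: the CA may sign CRLs
	}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "idp.example.test"}, // hypothetical IdP endpoint
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
	}
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey))))
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(time.Hour)}
	if revokeLeaf { // the CA has revoked the IdP's certificate
		crlTmpl.RevokedCertificates = []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: now.Add(-time.Minute)}}
	}
	crlDER = must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))
	roots = x509.NewCertPool()
	roots.AddCert(ca)
	return roots, leaf, crlDER
}

// verifyWithCRL does what a CA bundle alone cannot: after building the chain to the trust
// anchor it checks the issuer's CRL, refusing one that is unsigned by the issuer or stale.
func verifyWithCRL(leaf *x509.Certificate, roots *x509.CertPool, crlDER []byte, now time.Time) error {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	if err != nil {
		return err
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return fmt.Errorf("parse CRL: %w", err)
	}
	if err := crl.CheckSignatureFrom(chains[0][1]); err != nil { // chains[0][1] signed the leaf
		return fmt.Errorf("CRL not signed by the leaf's issuer: %w", err)
	}
	if now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) { // fail closed on a stale CRL
		return errors.New("CRL is outside its validity window")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return ErrRevoked
		}
	}
	return nil
}

// Outcomes reports whether a valid leaf passes the CRL check, whether the CA bundle alone
// accepts a revoked leaf (the gap this request describes), and whether the CRL check rejects it.
func Outcomes() (validAccepted, revokedAcceptedByBundleOnly, revokedRejectedByCRL bool) {
	now := time.Now()
	goodRoots, goodLeaf, goodCRL := newTestPKI(false, now)
	validAccepted = verifyWithCRL(goodLeaf, goodRoots, goodCRL, now) == nil
	badRoots, badLeaf, badCRL := newTestPKI(true, now)
	_, err := badLeaf.Verify(x509.VerifyOptions{Roots: badRoots, CurrentTime: now})
	revokedAcceptedByBundleOnly = err == nil
	revokedRejectedByCRL = errors.Is(verifyWithCRL(badLeaf, badRoots, badCRL, now), ErrRevoked)
	return
}

func main() {
	fmt.Println(Outcomes()) // expected: true true true
}
```

The middle result is the gap in the ticket: with only the CA bundle configured, a certificate the CA has since revoked still verifies, because nothing consults revocation data. The stale-CRL branch is where the local cache from IA-5(2)(d) would be consulted in a real implementation; the example simply fails closed.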
4. List any affected packages or components.
The OAuth proxy I guess?
Blocks: CMP-977 [IA-5(2)]: gap: No way to check IDP cert validity with CRL or OCSP (In Progress)