From 47d53a19aae912654692b3927f46613a04a84253 Mon Sep 17 00:00:00 2001
From: Gregory Cooke <gregorycooke@google.com>
Date: Mon, 20 Nov 2023 16:47:14 +0000
Subject: [PATCH] Mark old CRL APIs as deprecated

---
 security/advancedtls/crl.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/security/advancedtls/crl.go b/security/advancedtls/crl.go
index 4eea8395a061..7f7f8c476d3d 100644
--- a/security/advancedtls/crl.go
+++ b/security/advancedtls/crl.go
@@ -59,11 +59,14 @@ type Cache interface {
 type RevocationConfig struct {
 	// RootDir is the directory to search for CRL files.
 	// Directory format must match OpenSSL X509_LOOKUP_hash_dir(3).
+	// Deprecated: use CRLProvider instead.
 	RootDir string
 	// AllowUndetermined controls if certificate chains with RevocationUndetermined
 	// revocation status are allowed to complete.
 	AllowUndetermined bool
 	// Cache will store CRL files if not nil, otherwise files are reloaded for every lookup.
+	// Only used for caching CRLs when using the RootDir setting.
+	// Deprecated: use CRLProvider instead.
 	Cache Cache
 	// CRLProvider is an alternative to using RootDir directly for the
 	// X509_LOOKUP_hash_dir approach to CRL files. If set, the CRLProvider's CRL