From dfe230be8bb34b4711d54ec560f76b355a1ece57 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Thu, 16 Jul 2020 10:51:54 -0700
Subject: [PATCH] CRL support

---
 core/zerotier.h | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/core/zerotier.h b/core/zerotier.h
index ef18a89de..af2d3768b 100644
--- a/core/zerotier.h
+++ b/core/zerotier.h
@@ -299,15 +299,25 @@ typedef struct
 #define ZT_CERTIFICATE_MAX_STRING_LENGTH 127
 
 /**
- * Certificate is a root CA
+ * Certificate is a root CA (local trust flag)
  */
 #define ZT_CERTIFICATE_LOCAL_TRUST_FLAG_ROOT_CA 0x0001U
 
 /**
- * Certificate's subject describes a set of roots
+ * Certificate's subject describes a set of roots (local trust flag)
  */
 #define ZT_CERTIFICATE_LOCAL_TRUST_FLAG_ZEROTIER_ROOT_SET 0x0002U
 
+/**
+ * Certificate flag indicating that this certificate is a revocation.
+ *
+ * For certificate revocations only the certificates field of the subject
+ * is significant, and must enumerate the serial numbers (hashes) of
+ * certificates being revoked. Revoked certificates must be certificates
+ * signed by the issuer doing the revocation.
+ */
+#define ZT_CERTIFICATE_FLAG_REVOCATION 0x0001U
+
 /**
  * Size of a unique ID of the given key type (with type prefix byte)
  */
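Review bot: `ZT_CERTIFICATE_FLAG_REVOCATION` is defined as `0x0001U`, the same value as `ZT_CERTIFICATE_LOCAL_TRUST_FLAG_ROOT_CA` just above it, so a constant from one flag set passed where the other is expected would compile without a warning and confuse "this is a revocation" with "this is a trusted root". The "(local trust flag)" wording added to the two older comments helps, but the new comment does not say which field carries this flag; I would add a line such as `* This is a flag of the certificate itself, not a local trust flag; the two sets reuse numeric values and must never be mixed.` The comment also says revoked certificates "must be" signed by the revoking issuer without saying what a verifier does with a listed serial that is not; that check is what keeps one issuer from revoking another issuer's certificates, so the expected outcome (entry ignored, or the whole revocation rejected) is worth stating here. The code that enforces this is outside the hunk, so whether it already behaves that way cannot be told from this patch.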