No, ATS does not support revocation checks on the client certificate.  By default it checks that the certificate is signed by a trusted root and is not expired.  Adding revocation logic is an interesting idea.

There is a hook (TS_EVENT_SSL_VERIFY_CLIENT) where you can you can have your plugin attach additional logic to verify the client-provided certificate.
https://docs.trafficserver.apache.org/en/latest/developer-guide/api/types/TSEvent.en.html?highlight=ts_event_ssl_verify_client#c.TS_EVENT_SSL_VERIFY_CLIENT

Looks like this is another place that could use some more documentation.  However, there is a test plugin that exercises the hook https://github.com/apache/trafficserver/blob/master/tests/tools/plugins/ssl_client_verify_test.cc

On Tue, Dec 3, 2019 at 5:35 AM supraja sridhar <suprajasridhar95@gmail.com> wrote:
Hello,

Does ATS perform revocation check on client certificate? Does it support CRL and OSCP?

Thanks,
Supraja