No, ATS does not support revocation checks on the client certificate.  By default it checks that the certificate is signed by a trusted root and is not expired.  Adding revocation logic is an interesting idea.

There is a hook (TS_EVENT_SSL_VERIFY_CLIENT) where you can you can have your plugin attach additional logic to verify the client-provided certificate.

Looks like this is another place that could use some more documentation.  However, there is a test plugin that exercises the hook

On Tue, Dec 3, 2019 at 5:35 AM supraja sridhar <> wrote:

Does ATS perform revocation check on client certificate? Does it support CRL and OSCP?