Certificate Authorities periodically issue Certificate Revocation
Lists (CRLs) for certificates which have been revoked. Certificates
issued by a CA need to be checked against a current CRL issued by
the CA, otherwise they cannot be trusted.
By default, all CA's are considered CRL issuers. Disabling this
object disables CRL checking when computing trust for subordinate
certificates.