gunicorn
[feature request] check CRL when accepting client certificates
We are using gunicorn for an API where clients authenticate through client certificates.
We've hacked something together in a custom SyncWorker, but I think this might be useful to be implemented (properly) upstream. Currently, we download our custom CRL lists in a thread every X hours, and compare serial numbers in handle_request. I believe a better way would be to wait for #2649 and implement this right in the sslContext, right?
Would such a feature be accepted? Especially, reloading CRLs from multiple URLs in a regular interval?
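As a sketch of the "right in the SSL context" approach raised above, here is an added example (not code from the issue author or from gunicorn) that uses only Python's standard `ssl` module. It assumes a separate job has already downloaded the CRLs and written them as PEM files. The names `build_crl_context` and `ReloadingContext` are hypothetical, and how the context is handed to gunicorn is not shown.

```python
import ssl
import threading


def build_crl_context(ca_files, crl_files, certfile=None, keyfile=None,
                      check_chain=False):
    """Server context that requires a client certificate and rejects revoked ones."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # the server's own identity
    ctx.verify_mode = ssl.CERT_REQUIRED
    # LEAF checks only the client certificate. CHAIN also checks every
    # intermediate and then needs a CRL from each CA in the chain.
    ctx.verify_flags |= (ssl.VERIFY_CRL_CHECK_CHAIN if check_chain
                         else ssl.VERIFY_CRL_CHECK_LEAF)
    # PEM CA certificates and PEM CRLs are loaded through the same call.
    for path in [*ca_files, *crl_files]:
        ctx.load_verify_locations(cafile=path)
    return ctx


class ReloadingContext:
    """Rebuilds the context from the CRL files on disk and swaps it in."""

    def __init__(self, ca_files, crl_files, **kwargs):
        self.ca_files, self.crl_files, self.kwargs = ca_files, crl_files, kwargs
        self._lock = threading.Lock()
        self._ctx = build_crl_context(ca_files, crl_files, **kwargs)

    def current(self):
        with self._lock:
            return self._ctx

    def refresh(self):
        """Return True if a new context was swapped in, False if the old one was kept."""
        try:
            new_ctx = build_crl_context(self.ca_files, self.crl_files, **self.kwargs)
        except OSError:  # missing or unparsable file; ssl.SSLError is an OSError
            return False
        with self._lock:
            self._ctx = new_ctx
        return True

    def refresh_every(self, seconds, stop):
        """Run in a daemon thread; `stop` is a threading.Event."""
        while not stop.wait(seconds):
            self.refresh()
```

A server would wrap each accepted socket with `holder.current().wrap_socket(conn, server_side=True)`, so a swap affects new handshakes only. With a CRL check flag set and no CRL loaded for the issuing CA, OpenSSL fails the handshake rather than accepting the certificate.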