istio
diff --git a/‎Cargo.lock‎
Lines changed: 130 additions & 1 deletion b/‎Cargo.lock‎
Lines changed: 130 additions & 1 deletion
diff --git a/‎src/config.rs‎
Lines changed: 3 additions & 3 deletions b/‎src/config.rs‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/proxy.rs‎
Lines changed: 4 additions & 1 deletion b/‎src/proxy.rs‎
Lines changed: 4 additions & 1 deletion
@@ -317,13 +317,13 @@ pub struct Config {
 
     pub ipv6_enabled: bool,
 
-    /// Enable CRL (Certificate Revocation List) checking
+    // Enable CRL (Certificate Revocation List) checking
     pub enable_crl: bool,
 
-    /// Path to CRL file
+    // Path to CRL file
     pub crl_path: PathBuf,
 
-    /// Allow expired CRL (for testing/rollout scenarios)
+    // Allow expired CRL (for testing/rollout scenarios)
     pub allow_expired_crl: bool,
 }
 
 
@@ -263,7 +263,6 @@ pub(super) struct ProxyInputs {
     resolver: Option<Arc<dyn Resolver + Send + Sync>>,
     // If true, inbound connections created with these inputs will not attempt to preserve the original source IP.
     pub disable_inbound_freebind: bool,
-    // CRL manager for certificate revocation checking
     pub(super) crl_manager: Option<Arc<tls::crl::CrlManager>>,
 }
 
@@ -303,6 +302,10 @@ impl Proxy {
         // We setup all the listeners first so we can capture any errors that should block startup
         let inbound = Inbound::new(pi.clone(), drain.clone()).await?;
 
+        if let Some(ref crl_mgr) = pi.crl_manager {
+            crl_mgr.register_connection_manager(pi.connection_manager.clone());
+        }
+
         // This exists for `direct` integ tests, no other reason
         #[cfg(any(test, feature = "testing"))]
         if pi.cfg.fake_self_inbound {