RT3291: Add -crl and -revoke options to CA.pl

Document the new features
Reviewed-by: NTim Hudson <tjh@openssl.org>

doc/apps/CA.pl.pod

@@ -89,6 +89,17 @@ is useful when creating intermediate CA from a root CA.
 this option is the same as B<-sign> except it expects a self signed certificate
 to be present in the file "newreq.pem".
 
+=item B<-crl>
+
+generate a CRL
+
+=item B<-revoke certfile [reason]>
+
+revoke the certificate contained in the specified B<certfile>. An optional
+reason may be specified, and must be one of: B<unspecified>,
+B<keyCompromise>, B<CACompromise>, B<affiliationChanged>, B<superseded>,
+B<cessationOfOperation>, B<certificateHold>, or B<removeFromCRL>.
+
 =item B<-verify>
 
 verifies certificates against the CA certificate for "demoCA". If no certificates