kSecPolicyKU_CRLSign

If true, the certificate’s key usage must allow it to be used for signing certificate revocation lists (CRLs).

let kSecPolicyKU_CRLSign: CFString