> How do you configure Certificate Revocation lists for use with racoon?
> I couldn't find any references to them (CRLs) in documentation.

racoon leaves the verificateion of the certificate to OpenSSL.
racoon calls X509_verify_cert() to verify a certificate.
if X509_verify_cert() checks and verify a CRL, then racoon can support CRL.