BouncyCastleSecureMimeContextCheckCertificateRevocation Property

Get or set whether or not certificate revocation lists should be downloaded when verifying signatures.

Namespace: MimeKit.Cryptography
Assembly: MimeKit (in MimeKit.dll) Version: 4.7.1

Syntax

public bool CheckCertificateRevocation { get; set; }

Property Value

Boolean
true if CRLs should be downloaded automatically; otherwise, false.

Remarks

Gets or sets whether or not certificate revocation lists should be downloaded when verifying signatures.

If enabled, the BouncyCastleSecureMimeContext will attempt to automatically download Certificate Revocation Lists (CRLs) from the internet based on the CRL Distribution Point extension on each certificate.

Security Note
Enabling this feature opens the client up to potential privacy risks. An attacker can generate a custom X.509 certificate containing a CRL Distribution Point or OCSP URL pointing to an attacker-controlled server, thereby getting a notification when the user decrypts the message or verifies its digital signature.

Reference

BouncyCastleSecureMimeContext Class

MimeKit.Cryptography Namespace