[Pkg-mono-svn-commits] [SCM] mono branch, master-experimental, updated. debian/2.6.7-2-5-ga053cc7

Iain Lane laney at ubuntu.com
Thu Sep 9 00:43:48 UTC 2010

The following commit has been merged in the master-experimental branch:
commit a2781e15232b2176561a9ca94be3e8aad9280e7d
Author: Iain Lane <laney at ubuntu.com>
Date:   Mon Aug 30 22:49:56 2010 +0100

    Add an environment variable to control X509 validation mode, and set default to no check
    Added a new environment variable, MONO_X509_REVOCATION_MODE that lets
    the user choose the default validation mode for X509 chains.
    This patch also sets the default validation mode to 'nocheck', which
    works around bugs in mono's validation handling.
    This is a cherry-picked patch from upstream commit

diff --git a/man/mono.1 b/man/mono.1
index 8a93184..3dc7b7c 100644
--- a/man/mono.1
+++ b/man/mono.1
@@ -1442,6 +1442,14 @@ AMQP implementation the variable should be set to:
+Sets the revocation mode used when validating a X509 certificate chain (https,
+ftps, smtps...).  The default is 'nocheck', which performs no revocation check
+at all. The other possible values are 'offline', which performs CRL check (not
+implemented yet) and 'online' which uses OCSP and CRL to verify the revocation
+status (not implemented yet).
diff --git a/mcs/class/System/System.Net/ServicePointManager.cs b/mcs/class/System/System.Net/ServicePointManager.cs
index cf48119..35fc71c 100644
--- a/mcs/class/System/System.Net/ServicePointManager.cs
+++ b/mcs/class/System/System.Net/ServicePointManager.cs
@@ -385,6 +385,19 @@ namespace System.Net
 			object sender;
 			string host;
 			static bool is_macosx = System.IO.File.Exists (MSX.OSX509Certificates.SecurityLibrary);
+			static X509RevocationMode revocation_mode;
+			static ChainValidationHelper ()
+			{
+				revocation_mode = X509RevocationMode.NoCheck;
+				try {
+					string str = Environment.GetEnvironmentVariable ("MONO_X509_REVOCATION_MODE");
+					if (String.IsNullOrEmpty (str))
+						return;
+					revocation_mode = (X509RevocationMode) Enum.Parse (typeof (X509RevocationMode), str, true);
+				} catch {
+				}
+			}
 			public ChainValidationHelper (object sender)
@@ -415,6 +428,7 @@ namespace System.Net
 				X509Chain chain = new X509Chain ();
 				chain.ChainPolicy = new X509ChainPolicy ();
+				chain.ChainPolicy.RevocationMode = revocation_mode;
 				for (int i = 1; i < certs.Count; i++) {
 					X509Certificate2 c2 = new X509Certificate2 (certs [i].RawData);
 					chain.ChainPolicy.ExtraStore.Add (c2);


More information about the Pkg-mono-svn-commits mailing list