
Add env.var. to control revocation mode.

Added a new environment variable, MONO_X509_REVOCATION_MODE that lets
the user choose the default validation mode for X509 chains.
Gonzalo Paniagua Javier 15 years ago
parent
commit
231f4decce
2 changed files with 21 additions and 0 deletions
  1. man/mono.1 (+7 -0)
  2. mcs/class/System/System.Net/ServicePointManager.cs (+14 -0)

+ 7 - 0
man/mono.1

@@ -1604,6 +1604,13 @@ interpreter.  The possible values are `no' to disable the use of a
 custom serializer or a number to indicate when the XmlSerializer
 should start serializing.   The default value is 50, which means that
 the a custom serializer will be produced on the 50th use.
+.TP
+\fBMONO_X509_REVOCATION_MODE\fR
+Sets the revocation mode used when validating a X509 certificate chain (https,
+ftps, smtps...).  The default is 'nocheck', which performs no revocation check
+at all. The other possible values are 'offline', which performs CRL check (not
+implemented yet) and 'online' which uses OCSP and CRL to verify the revocation
+status (not implemented yet).
 .SH ENVIRONMENT VARIABLES FOR DEBUGGING
 .TP
 \fBMONO_ASPNET_NODELETE\fR
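Review bot: the entry says 'offline' and 'online' are "not implemented yet" but not what a user who sets them gets today; state whether those values currently behave like 'nocheck' or cause chain validation to fail, so nobody reads the man page and assumes revoked certificates are being rejected. It would also help to say plainly that the default 'nocheck' accepts a certificate its issuer has already revoked, and to mention that the values are matched case-insensitively against the X509RevocationMode names (NoCheck, Offline, Online).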

+ 14 - 0
mcs/class/System/System.Net/ServicePointManager.cs

@@ -400,6 +400,19 @@ namespace System.Net
 			object sender;
 			string host;
 			static bool is_macosx = System.IO.File.Exists (MSX.OSX509Certificates.SecurityLibrary);
+			static X509RevocationMode revocation_mode;
+
+			static ChainValidationHelper ()
+			{
+				revocation_mode = X509RevocationMode.NoCheck;
+				try {
+					string str = Environment.GetEnvironmentVariable ("MONO_X509_REVOCATION_MODE");
+					if (String.IsNullOrEmpty (str))
+						return;
+					revocation_mode = (X509RevocationMode) Enum.Parse (typeof (X509RevocationMode), str, true);
+				} catch {
+				}
+			}
 
 			public ChainValidationHelper (object sender)
 			{
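Review bot: the bare `catch { }` around `Enum.Parse` swallows the ArgumentException raised for an unrecognised value, so a misspelt MONO_X509_REVOCATION_MODE silently leaves `revocation_mode` at NoCheck while the user believes revocation checking is on; catch ArgumentException only and report the rejected value (for example on stderr) before falling back to NoCheck. The `ignoreCase: true` argument is what makes the lower-case 'nocheck' / 'offline' / 'online' spellings in the man page map onto the enum members, which is fine but worth a comment.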
@@ -430,6 +443,7 @@ namespace System.Net
 
 				X509Chain chain = new X509Chain ();
 				chain.ChainPolicy = new X509ChainPolicy ();
+				chain.ChainPolicy.RevocationMode = revocation_mode;
 				for (int i = 1; i < certs.Count; i++) {
 					X509Certificate2 c2 = new X509Certificate2 (certs [i].RawData);
 					chain.ChainPolicy.ExtraStore.Add (c2);
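Review bot: `revocation_mode` is read once in the static constructor and copied onto every new chain here, so the setting is process-wide and fixed from the first use of ChainValidationHelper; changing the variable later, or wanting a different mode for one ServicePoint, has no effect. Document that in the man page entry, or expose the mode as a property with the environment variable as its initial value.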