Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The behavior of how PictureBox loads a remote image changed in .NET 8. Now, before an image is loaded via WebClient, ServicePointManager.CheckCertificateRevocationList is set to true, so WebClient checks certificates against the certificate revocation list (CRL) as part of the validation process.
Previous behavior
Previously, ServicePointManager.CheckCertificateRevocationList was not set to true. When WebClient loaded the remote image to a PictureBox control, it didn't check certificates against the CRL as part of validation process.
New behavior
Starting in .NET 8, ServicePointManager.CheckCertificateRevocationList is set to true, and WebClient checks certificates against the CRL as part of the validation process when loading a remote image in a PictureBox control. After the image is loaded, CheckCertificateRevocationList will be true for rest of the app's lifetime.
Version introduced
.NET 8
Type of breaking change
This change is a behavioral change.
Reason for change
It's considered best practice to set ServicePointManager.CheckCertificateRevocationList to true before creating WebClient or WebRequest objects, so that those objects don't accept revoked certificates as valid.
Recommended action
The effects of this change are outlined at Load behavior changes. If you want to revert to the previous behavior, that article also describes how to do so via a switch.
Affected APIs
Collaborate with us on GitHub
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
