public bool IsRevoked(X509Certificate certificate) { if (certificate.IsRoot()) return false; string authorityId = certificate.GetAuthorityKeyIdentifier(); //TODO: make this thread safe Crl crl = GetCrl(authorityId); if (crl == null) crl = CreateCrlEntry(authorityId, certificate.GetCrlDistributionPointAddresses()); if (!crl.Valid) return true; return crl.Contains(certificate) || IsRevoked(crl.IssuerCertificate); }