| title | description | ms.date |
|---|---|---|
Breaking change: Certificates checked before loading remote images in PictureBox |
Learn about the .NET 9 breaking change in Windows Forms where WebClient checks certificates against the revocation list before loading remote images in a PictureBox control. |
02/12/2024 |
The behavior of how xref:System.Windows.Forms.PictureBox loads a remote image changed in .NET 8. Now, before an image is loaded via xref:System.Net.WebClient, xref:System.Net.ServicePointManager.CheckCertificateRevocationList?displayProperty=nameWithType is set to true, so WebClient checks certificates against the certificate revocation list (CRL) as part of the validation process.
Previously, xref:System.Net.ServicePointManager.CheckCertificateRevocationList?displayProperty=nameWithType was not set to true. When WebClient loaded the remote image to a xref:System.Windows.Forms.PictureBox control, it didn't check certificates against the CRL as part of validation process.
Starting in .NET 8, xref:System.Net.ServicePointManager.CheckCertificateRevocationList?displayProperty=nameWithType is set to true, and WebClient checks certificates against the CRL as part of the validation process when loading a remote image in a PictureBox control. After the image is loaded, CheckCertificateRevocationList will be true for rest of the app's lifetime.
.NET 8
This change is a behavioral change.
It's considered best practice to set xref:System.Net.ServicePointManager.CheckCertificateRevocationList?displayProperty=nameWithType to true before creating WebClient or WebRequest objects, so that those objects don't accept revoked certificates as valid.
The effects of this change are outlined at Load behavior changes. If you want to revert to the previous behavior, that article also describes how to do so via a switch.
- xref:System.Windows.Forms.PictureBox?displayProperty=fullName