bring up to the config the CheckCertificateRevocation of SslStream.AuthenticateAsClient (#1234)

Co-authored-by: Björn Lundström <V912736@users.noreply.github.com>

docs/Configuration.md

@@ -86,6 +86,7 @@ The `ConfigurationOptions` object has a wide range of properties, all of which a
 | tiebreaker={string}    | `TieBreaker`           | `__Booksleeve_TieBreak`      | Key to use for selecting a server in an ambiguous master scenario                                         |
 | version={string}       | `DefaultVersion`       | (`3.0` in Azure, else `2.0`) | Redis version level (useful when the server does not make this available)                                 |
 | writeBuffer={int}      | `WriteBuffer`          | `4096`                       | Size of the output buffer                                                                                 |
+|                        | `CheckCertificateRevocation` | `true`                 | A Boolean value that specifies whether the certificate revocation list is checked during authentication.  |
 
 Additional code-only options:
 - ReconnectRetryPolicy (`IReconnectRetryPolicy`) - Default: `ReconnectRetryPolicy = LinearRetry(ConnectTimeout);`

src/StackExchange.Redis/ConfigurationOptions.cs

@@ -128,7 +128,7 @@ public static string TryNormalize(string value)
             }
         }
 
-        private bool? allowAdmin, abortOnConnectFail, highPrioritySocketThreads, resolveDns, ssl;
+        private bool? allowAdmin, abortOnConnectFail, highPrioritySocketThreads, resolveDns, ssl, checkCertificateRevocation;
 
         private string tieBreaker, sslHost, configChannel;
 
@@ -184,6 +184,11 @@ public static string TryNormalize(string value)
         /// </summary>
         public RedisChannel ChannelPrefix { get; set; }
 
+        /// <summary>
+        /// A Boolean value that specifies whether the certificate revocation list is checked during authentication.
+        /// </summary>
+        public bool CheckCertificateRevocation {get { return checkCertificateRevocation ?? true; } set { checkCertificateRevocation = value; }}
+
         /// <summary>
         /// Create a certificate validation check that checks against the supplied issuer even if not known by the machine
         /// </summary>

src/StackExchange.Redis/ExtensionMethods.cs

@@ -148,7 +148,7 @@ public static string[] ToStringArray(this RedisValue[] values)
             return Array.ConvertAll(values, x => (string)x);
         }
 
-        internal static void AuthenticateAsClient(this SslStream ssl, string host, SslProtocols? allowedProtocols)
+        internal static void AuthenticateAsClient(this SslStream ssl, string host, SslProtocols? allowedProtocols, bool checkCertificateRevocation)
         {
             if (!allowedProtocols.HasValue)
             {
@@ -158,8 +158,7 @@ internal static void AuthenticateAsClient(this SslStream ssl, string host, SslPr
             }
 
             var certificateCollection = new X509CertificateCollection();
-            const bool checkCertRevocation = true;
-            ssl.AuthenticateAsClient(host, certificateCollection, allowedProtocols.Value, checkCertRevocation);
+            ssl.AuthenticateAsClient(host, certificateCollection, allowedProtocols.Value, checkCertificateRevocation);
         }
 
         private static void AuthenticateAsClientUsingDefaultProtocols(SslStream ssl, string host)

src/StackExchange.Redis/PhysicalConnection.cs

@@ -1307,7 +1307,7 @@ internal async ValueTask<bool> ConnectedAsync(Socket socket, LogProxy log, Socke
                     {
                         try
                         {
-                            ssl.AuthenticateAsClient(host, config.SslProtocols);
+                            ssl.AuthenticateAsClient(host, config.SslProtocols, config.CheckCertificateRevocation);
                         }
                         catch (Exception ex)
                         {