From d7948afd98f91db96c44543f0dd07c10bba66645 Mon Sep 17 00:00:00 2001
From: Craig Lutgen <craig.lutgen@cybersecureips.com>
Date: Mon, 12 Aug 2019 17:34:05 -0500
Subject: [PATCH] Fix client SslStream certificate chain CRL validation. The
 logic was inverse and CRLs were never checked.

Add a missing dispose in managed client.
---
 Source/MQTTnet.Extensions.ManagedClient/ManagedMqttClient.cs | 1 +
 Source/MQTTnet/Implementations/MqttTcpChannel.cs             | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/Source/MQTTnet.Extensions.ManagedClient/ManagedMqttClient.cs b/Source/MQTTnet.Extensions.ManagedClient/ManagedMqttClient.cs
index f53a8dd..c9053e4 100644
--- a/Source/MQTTnet.Extensions.ManagedClient/ManagedMqttClient.cs
+++ b/Source/MQTTnet.Extensions.ManagedClient/ManagedMqttClient.cs
@@ -252,6 +252,7 @@ namespace MQTTnet.Extensions.ManagedClient
                 _maintainConnectionTask = null;
             }
 
+            _messageQueueLock.Dispose();
             _mqttClient.Dispose();
         }
 
diff --git a/Source/MQTTnet/Implementations/MqttTcpChannel.cs b/Source/MQTTnet/Implementations/MqttTcpChannel.cs
index 12fd2bb..d7943ad 100644
--- a/Source/MQTTnet/Implementations/MqttTcpChannel.cs
+++ b/Source/MQTTnet/Implementations/MqttTcpChannel.cs
@@ -86,7 +86,7 @@ namespace MQTTnet.Implementations
                 var sslStream = new SslStream(networkStream, false, InternalUserCertificateValidationCallback);
                 _stream = sslStream;
 
-                await sslStream.AuthenticateAsClientAsync(_options.Server, LoadCertificates(), _options.TlsOptions.SslProtocol, _options.TlsOptions.IgnoreCertificateRevocationErrors).ConfigureAwait(false);                
+                await sslStream.AuthenticateAsClientAsync(_options.Server, LoadCertificates(), _options.TlsOptions.SslProtocol, !_options.TlsOptions.IgnoreCertificateRevocationErrors).ConfigureAwait(false);                
             }
             else
             {