For now we just added a comment to master, 1.0.2, 1.0.1 in the cms.pod and smime.pod files:
Note that no revocation check is done for the recipient cert, so if that key has been compromised, others may be able to decrypt the text. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3940 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev