[R] download.file strict certificate revocation check

Ivan Krylov kry|ov@r00t @end|ng |rom gm@||@com
Wed Oct 4 15:52:00 CEST 2023

В Wed, 4 Oct 2023 13:09:47 +0000
John Neset <John.Neset using noridian.com> пишет:

> Trying to do this, reference FAQ-
> 2.18 The Internet download functions fail.
> (c) A MITM proxy (typically in enterprise environments) makes it
> impossible to validate that certificates haven't been revoked. One
> can switch to only best effort revocation checks via an environment
> variable: see ?download.file.

Here's what help(download.file) has to say:

>>     On Windows with ‘method = "libcurl"’, when R was linked with
>>     ‘libcurl’ with ‘Schannel’ enabled, the connection fails if it
>>     cannot be established that the certificate has not been revoked.
>>     Some MITM proxies present particularly in corporate environments
>>     do not work with this behavior. It can be changed by setting
>>     environment variable ‘R_LIBCURL_SSL_REVOKE_BEST_EFFORT’ to
>>     ‘TRUE’, with the consequence of reducing security.

Does it help to Sys.setenv(...) this environment variable before
downloading? If not, please provide your sessionInfo() and the full
error message.

Best regards,

More information about the R-help mailing list