Honoring R_LIBCURL_SSL_REVOKE_BEST_EFFORT

[zeehio]

Roughly one year ago (Aug 2022), R introduced a change to download.file() when using the curl backend.

On (typically corporate) environments with a "man in the middle" https certificate, the certificate revocation mechanisms do not work as they are expected to. The change in R is that it now takes a "best effort" approach to validate certificate revocation if R_LIBCURL_SSL_REVOKE_BEST_EFFORT="TRUE" is set. Without this env variable, https connections fail with an ssl connection error.

See the small and self-contained commit here: wch/r-source@f1ec503

It would be very convenient if the {curl} package could honor as well the R_LIBCURL_SSL_REVOKE_BEST_EFFORT environment variable by default, so with that same variable both download.file() and any other package using a {curl} function would automatically work (in my case, i'm having issues with renv).

• Is honoring R_LIBCURL_SSL_REVOKE_BEST_EFFORT something you would consider as desirable in this package?

• I could submit some pull requests, although I am not familiar with the code base and I would appreciate some pointers on where this support could be implemented.

Thanks for all your work!

[jeroen]

Do you currently experience any issues? I think we have disabled revoke checks on Windows.

[zeehio]

I was having trouble with renv and I assumed it was related to this, because I have been fighting with this connection issues for some days. However, now I can't reproduce the error.

I tried using a simple example with curl::curl_download() and it worked flawlessly.

I assume there was some unrelated networking error confusing me.

Please accept my apologies for wasting your time and thank you very much for your kind reply. I admire a lot your work.

I will close this issue, since it is already working.