Honor R_LIBCURL_SSL_REVOKE_BEST_EFFORT (#1624)

* Honor R_LIBCURL_SSL_REVOKE_BEST_EFFORT

R_LIBCURL_SSL_REVOKE_BEST_EFFORT was introduced in R on R-4.2 as documented in wch/r-source@f1ec503.

If the environment variable is set to TRUE, then curl relaxes the certificate revocation checks. This is needed on Windows systems using curl with the schannel backend on environments with man in the middle https certificates (typically corporate environments), since those certificate revocation checks otherwise fail.

To avoid duplicating custom configurations for all packages, I suggest to honor that environment variable here as well.

I tested the command:

curl.exe -X GET https://cloud.r-project.org/src/contrib/PACKAGES

on a system where it failed for the reasons described above. I tested the proposed solution and it worked.

curl.exe -X GET --ssl-revoke-best-effort  https://cloud.r-project.org/src/contrib/PACKAGES

I also considered that a user may have set the '--ssl-revoke-best-effort' parameter manually, and with my patch the user would be passing the parameter twice. I tested passing that option twice and curl did not care, so no backwards issue is expected. In other words, this worked:

curl.exe -X GET --ssl-revoke-best-effort   --ssl-revoke-best-effort  https://cloud.r-project.org/src/contrib/PACKAGES

* Update NEWS.md

NEWS.md

@@ -58,6 +58,8 @@
 
 * Use correct spelling of IRkernel package (#1528).
 
+* Honor `R_LIBCURL_SSL_REVOKE_BEST_EFFORT` when using an external `curl.exe`
+  binary to download files (#1624)
 
 # renv 1.0.0
 

R/download.R

@@ -308,6 +308,11 @@ renv_download_curl <- function(url, destfile, type, request, headers) {
       args$push(extra)
   }
 
+  # honor R_LIBCURL_SSL_REVOKE_BEST_EFFORT
+  # https://github.com/wch/r-source/commit/f1ec503e986593bced6720a5e9099df58a4162e7
+  if (Sys.getenv("R_LIBCURL_SSL_REVOKE_BEST_EFFORT") %in% c("T", "t", "TRUE", "true"))
+    args$push("--ssl-revoke-best-effort")
+
   # add in any user configuration files
   userconfig <- getOption(
     "renv.curl.config",