[R] download.file strict certificate revocation check
Ivan Krylov
kry|ov@r00t @end|ng |rom gm@||@com
Wed Oct 4 15:52:00 CEST 2023
В Wed, 4 Oct 2023 13:09:47 +0000
John Neset <John.Neset using noridian.com> пишет:
> Trying to do this, reference FAQ-
> 2.18 The Internet download functions fail.
> (c) A MITM proxy (typically in enterprise environments) makes it
> impossible to validate that certificates haven't been revoked. One
> can switch to only best effort revocation checks via an environment
> variable: see ?download.file.
Here's what help(download.file) has to say:
>> On Windows with ‘method = "libcurl"’, when R was linked with
>> ‘libcurl’ with ‘Schannel’ enabled, the connection fails if it
>> cannot be established that the certificate has not been revoked.
>> Some MITM proxies present particularly in corporate environments
>> do not work with this behavior. It can be changed by setting
>> environment variable ‘R_LIBCURL_SSL_REVOKE_BEST_EFFORT’ to
>> ‘TRUE’, with the consequence of reducing security.
Does it help to Sys.setenv(...) this environment variable before
downloading? If not, please provide your sessionInfo() and the full
error message.
--
Best regards,
Ivan
More information about the R-help
mailing list