What/how do I interact with the download.file with turning off the strict certificate revocation check in regards to download & update packages?
I clearly made an attempt at this, but failed miserably.
Trying to do this, reference FAQ-
2.18 The Internet download functions fail.
(c) A MITM proxy (typically in enterprise environments) makes it impossible to validate that certificates haven't been revoked. One can switch to only best effort revocation checks via an environment variable: see ?download.file.
Confidentiality Notice - This communication and any atta...{{dropped:10}}
download.file strict certificate revocation check
6 messages · Ivan Krylov, John Neset, Jim Lemon +1 more
? Wed, 4 Oct 2023 13:09:47 +0000 John Neset <John.Neset at noridian.com> ?????:
Trying to do this, reference FAQ- 2.18 The Internet download functions fail. (c) A MITM proxy (typically in enterprise environments) makes it impossible to validate that certificates haven't been revoked. One can switch to only best effort revocation checks via an environment variable: see ?download.file.
Here's what help(download.file) has to say:
On Windows with ?method = "libcurl"?, when R was linked with
?libcurl? with ?Schannel? enabled, the connection fails if it
cannot be established that the certificate has not been revoked.
Some MITM proxies present particularly in corporate environments
do not work with this behavior. It can be changed by setting
environment variable ?R_LIBCURL_SSL_REVOKE_BEST_EFFORT? to
?TRUE?, with the consequence of reducing security.
Does it help to Sys.setenv(...) this environment variable before downloading? If not, please provide your sessionInfo() and the full error message.
Best regards, Ivan
Ivan, SSL connect error & we definitely have MITM doing certificate interference. No change with True or False with R_LIBCURL_SSL_REVOKE_BEST_EFFORT Environment variable results should be attached. -----Original Message----- From: Ivan Krylov <krylov.r00t at gmail.com> Sent: Wednesday, October 4, 2023 8:52 AM To: John Neset <John.Neset at noridian.com> Cc: r-help at R-project.org Subject: Re: [R] download.file strict certificate revocation check WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. ? Wed, 4 Oct 2023 13:09:47 +0000 John Neset <John.Neset at noridian.com> ?????:
Trying to do this, reference FAQ- 2.18 The Internet download functions fail. (c) A MITM proxy (typically in enterprise environments) makes it impossible to validate that certificates haven't been revoked. One can switch to only best effort revocation checks via an environment variable: see ?download.file.
Here's what help(download.file) has to say:
On Windows with ?method = "libcurl"?, when R was linked with
?libcurl? with ?Schannel? enabled, the connection fails if it
cannot be established that the certificate has not been revoked.
Some MITM proxies present particularly in corporate environments
do not work with this behavior. It can be changed by setting
environment variable ?R_LIBCURL_SSL_REVOKE_BEST_EFFORT? to
?TRUE?, with the consequence of reducing security.
Does it help to Sys.setenv(...) this environment variable before downloading? If not, please provide your sessionInfo() and the full error message. -- Best regards, Ivan Confidentiality Notice - This communication and any attachments are for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution or copying is prohibited. If you are not the intended recipient(s), please contact the sender by replying to this e-mail and destroy/delete all copies of this e-mail message. -------------- next part -------------- A non-text attachment was scrubbed... Name: 2023-10-04_09-30-52.png Type: image/png Size: 88749 bytes Desc: 2023-10-04_09-30-52.png URL: <https://stat.ethz.ch/pipermail/r-help/attachments/20231004/bd523cf2/attachment.png>
? Wed, 4 Oct 2023 14:32:49 +0000 John Neset <John.Neset at noridian.com> ?????:
No change with True or False with R_LIBCURL_SSL_REVOKE_BEST_EFFORT
Judging by the screenshot, it looks like you've set an R variable
R_LIBCURL_SSL_REVOKE_BEST_EFFORT instead of setting an environment
variable using Sys.setenv:
Sys.setenv('R_LIBCURL_SSL_REVOKE_BEST_EFFORT' = 'TRUE')
(Use Sys.getenv to verify the result.)
For the next time, most people on the R-help mailing list would
probably appreciate it if you copied and pasted the text from the R
console instead of attaching screenshots.
Best regards, Ivan
Hello, I am very sad to let you know that my husband Jim died in 18th September. I apologise for not letting you know earlier but I had trouble finding the password for his phone. Kind regards, Juel Briggs
On Thu, 5 Oct 2023, 02:07 Ivan Krylov <krylov.r00t at gmail.com wrote:
? Wed, 4 Oct 2023 14:32:49 +0000 John Neset <John.Neset at noridian.com> ?????:
No change with True or False with R_LIBCURL_SSL_REVOKE_BEST_EFFORT
Judging by the screenshot, it looks like you've set an R variable
R_LIBCURL_SSL_REVOKE_BEST_EFFORT instead of setting an environment
variable using Sys.setenv:
Sys.setenv('R_LIBCURL_SSL_REVOKE_BEST_EFFORT' = 'TRUE')
(Use Sys.getenv to verify the result.)
For the next time, most people on the R-help mailing list would
probably appreciate it if you copied and pasted the text from the R
console instead of attaching screenshots.
--
Best regards,
Ivan
______________________________________________ R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
This is sad news indeed. https://cran.r-project.org/web/checks/check_summary_by_maintainer.html lists Jim as the maintainer of clinsig, crank, eventInterval, plotrix, and prettyR. > library(packageRank) > packageRank(c("clinsig", "crank", "eventInterval", "plotrix", "prettyR")) date packages downloads rank percentile 1 2023-10-03 clinsig 1 14,454 of 18,024 0.0 2 2023-10-03 crank 2 11,344 of 18,024 22.8 3 2023-10-03 eventInterval 4 8,001 of 18,024 51.0 4 2023-10-03 plotrix 3,082 310 of 18,024 98.3 5 2023-10-03 prettyR 90 1,954 of 18,024 89.1 It seems that at least plotrix and prettyR would be worth rescuing ... volunteers ... ? (prettyR has 1 strong reverse dep, plotrix has many ...) Ben Bolker
On 2023-10-04 6:30 p.m., Jim Lemon wrote:
Hello, I am very sad to let you know that my husband Jim died in 18th September. I apologise for not letting you know earlier but I had trouble finding the password for his phone. Kind regards, Juel Briggs On Thu, 5 Oct 2023, 02:07 Ivan Krylov <krylov.r00t at gmail.com wrote:
? Wed, 4 Oct 2023 14:32:49 +0000 John Neset <John.Neset at noridian.com> ?????:
No change with True or False with R_LIBCURL_SSL_REVOKE_BEST_EFFORT
Judging by the screenshot, it looks like you've set an R variable
R_LIBCURL_SSL_REVOKE_BEST_EFFORT instead of setting an environment
variable using Sys.setenv:
Sys.setenv('R_LIBCURL_SSL_REVOKE_BEST_EFFORT' = 'TRUE')
(Use Sys.getenv to verify the result.)
For the next time, most people on the R-help mailing list would
probably appreciate it if you copied and pasted the text from the R
console instead of attaching screenshots.
--
Best regards,
Ivan
______________________________________________ R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
[[alternative HTML version deleted]]
______________________________________________ R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.