cpr icon indicating copy to clipboard operation
cpr copied to clipboard
verified publisher icon libcpr

Ignore certificate revocation checks in case of missing or offline distribution points on Windows

Open treyn008 opened this issue 1 year ago • 1 comments

Set the CURLSSLOPT_REVOKE_BEST_EFFORT option, if curl is on the version 7.70.0 or later.

The SSL option is equivalent to the --ssl-revoke-best-effort curl flag. This option results in ignoring errors regarding the revocation check being unable to take place. This is only an issue on Windows, due to this being the default behavior from schannel.

(source)

treyn008 avatar Jul 31 '24 22:07 treyn008

@treyn008 thanks for this PR! To me this should be an option and not be enabled by default. Else this could be a potential security issue.

Perhaps make it a part of cpr::SslOptions. Also please create a PR with a bit of docs here: https://github.com/libcpr/docs

COM8 avatar Aug 17 '24 13:08 COM8

Closing for no response. Feel free to reopen in case you want to continue working on this PR.

COM8 avatar Sep 22 '24 11:09 COM8