Re: [R] download.file strict certificate revocation check
Ivan, SSL connect error & we definitely have MITM doing certificate interference. No change with True or False with R_LIBCURL_SSL_REVOKE_BEST_EFFORT Environment variable results should be attached. -Original Message- From: Ivan Krylov Sent: Wednesday, October 4, 2023 8:52 AM To: John Neset Cc: r-help@R-project.org Subject: Re: [R] download.file strict certificate revocation check WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. В Wed, 4 Oct 2023 13:09:47 + John Neset пишет: > Trying to do this, reference FAQ- > 2.18 The Internet download functions fail. > (c) A MITM proxy (typically in enterprise environments) makes it > impossible to validate that certificates haven't been revoked. One can > switch to only best effort revocation checks via an environment > variable: see ?download.file. Here's what help(download.file) has to say: >> On Windows with ‘method = "libcurl"’, when R was linked with >> ‘libcurl’ with ‘Schannel’ enabled, the connection fails if it >> cannot be established that the certificate has not been revoked. >> Some MITM proxies present particularly in corporate environments >> do not work with this behavior. It can be changed by setting >> environment variable ‘R_LIBCURL_SSL_REVOKE_BEST_EFFORT’ to >> ‘TRUE’, with the consequence of reducing security. Does it help to Sys.setenv(...) this environment variable before downloading? If not, please provide your sessionInfo() and the full error message. -- Best regards, Ivan Confidentiality Notice - This communication and any attachments are for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution or copying is prohibited. If you are not the intended recipient(s), please contact the sender by replying to this e-mail and destroy/delete all copies of this e-mail message. __ R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
Re: [R] download.file strict certificate revocation check
This is sad news indeed. https://cran.r-project.org/web/checks/check_summary_by_maintainer.html lists Jim as the maintainer of clinsig, crank, eventInterval, plotrix, and prettyR. > library(packageRank) > packageRank(c("clinsig", "crank", "eventInterval", "plotrix", "prettyR")) date packages downloads rank percentile 1 2023-10-03 clinsig 1 14,454 of 18,0240.0 2 2023-10-03 crank 2 11,344 of 18,024 22.8 3 2023-10-03 eventInterval 4 8,001 of 18,024 51.0 4 2023-10-03 plotrix 3,082310 of 18,024 98.3 5 2023-10-03 prettyR90 1,954 of 18,024 89.1 It seems that at least plotrix and prettyR would be worth rescuing ... volunteers ... ? (prettyR has 1 strong reverse dep, plotrix has many ...) Ben Bolker On 2023-10-04 6:30 p.m., Jim Lemon wrote: Hello, I am very sad to let you know that my husband Jim died in 18th September. I apologise for not letting you know earlier but I had trouble finding the password for his phone. Kind regards, Juel Briggs On Thu, 5 Oct 2023, 02:07 Ivan Krylov В Wed, 4 Oct 2023 14:32:49 + John Neset пишет: No change with True or False with R_LIBCURL_SSL_REVOKE_BEST_EFFORT Judging by the screenshot, it looks like you've set an R variable R_LIBCURL_SSL_REVOKE_BEST_EFFORT instead of setting an environment variable using Sys.setenv: Sys.setenv('R_LIBCURL_SSL_REVOKE_BEST_EFFORT' = 'TRUE') (Use Sys.getenv to verify the result.) For the next time, most people on the R-help mailing list would probably appreciate it if you copied and pasted the text from the R console instead of attaching screenshots. -- Best regards, Ivan __ R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code. [[alternative HTML version deleted]] __ R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code. __ R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
Re: [R] download.file strict certificate revocation check
Hello, I am very sad to let you know that my husband Jim died in 18th September. I apologise for not letting you know earlier but I had trouble finding the password for his phone. Kind regards, Juel Briggs On Thu, 5 Oct 2023, 02:07 Ivan Krylov В Wed, 4 Oct 2023 14:32:49 + > John Neset пишет: > > > No change with True or False with R_LIBCURL_SSL_REVOKE_BEST_EFFORT > > Judging by the screenshot, it looks like you've set an R variable > R_LIBCURL_SSL_REVOKE_BEST_EFFORT instead of setting an environment > variable using Sys.setenv: > > Sys.setenv('R_LIBCURL_SSL_REVOKE_BEST_EFFORT' = 'TRUE') > > (Use Sys.getenv to verify the result.) > > For the next time, most people on the R-help mailing list would > probably appreciate it if you copied and pasted the text from the R > console instead of attaching screenshots. > > -- > Best regards, > Ivan > > __ > R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see > https://stat.ethz.ch/mailman/listinfo/r-help > PLEASE do read the posting guide > http://www.R-project.org/posting-guide.html > and provide commented, minimal, self-contained, reproducible code. > [[alternative HTML version deleted]] __ R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
Re: [R] download.file strict certificate revocation check
В Wed, 4 Oct 2023 14:32:49 + John Neset пишет: > No change with True or False with R_LIBCURL_SSL_REVOKE_BEST_EFFORT Judging by the screenshot, it looks like you've set an R variable R_LIBCURL_SSL_REVOKE_BEST_EFFORT instead of setting an environment variable using Sys.setenv: Sys.setenv('R_LIBCURL_SSL_REVOKE_BEST_EFFORT' = 'TRUE') (Use Sys.getenv to verify the result.) For the next time, most people on the R-help mailing list would probably appreciate it if you copied and pasted the text from the R console instead of attaching screenshots. -- Best regards, Ivan __ R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
Re: [R] download.file strict certificate revocation check
В Wed, 4 Oct 2023 13:09:47 + John Neset пишет: > Trying to do this, reference FAQ- > 2.18 The Internet download functions fail. > (c) A MITM proxy (typically in enterprise environments) makes it > impossible to validate that certificates haven't been revoked. One > can switch to only best effort revocation checks via an environment > variable: see ?download.file. Here's what help(download.file) has to say: >> On Windows with ‘method = "libcurl"’, when R was linked with >> ‘libcurl’ with ‘Schannel’ enabled, the connection fails if it >> cannot be established that the certificate has not been revoked. >> Some MITM proxies present particularly in corporate environments >> do not work with this behavior. It can be changed by setting >> environment variable ‘R_LIBCURL_SSL_REVOKE_BEST_EFFORT’ to >> ‘TRUE’, with the consequence of reducing security. Does it help to Sys.setenv(...) this environment variable before downloading? If not, please provide your sessionInfo() and the full error message. -- Best regards, Ivan __ R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.