When performing a request via curl on Windows using schannel, ssl
certificate revocation checks does not handle verification failures
gracefully when an error is encountered that is unrelated to the actual
revocation of a certificate.
A new option is available to perform best effort revocation checks on
curl, so this is enabled by default on the Windows platform. A new
config option (box_download_disable_ssl_revoke_best_effort) has also
been added which can be optionally enabled to restore previous behavior
which results in a hard error if any error is encountered.
More context for this can be found in this curl issue and this curl PR
which adds support for best effort revocation check.
When performing a request via curl on Windows using schannel, ssl certificate revocation checks does not handle verification failures gracefully when an error is encountered that is unrelated to the actual revocation of a certificate.
A new option is available to perform best effort revocation checks on curl, so this is enabled by default on the Windows platform. A new config option (
box_download_disable_ssl_revoke_best_effort
) has also been added which can be optionally enabled to restore previous behavior which results in a hard error if any error is encountered.More context for this can be found in this curl issue and this curl PR which adds support for best effort revocation check.
Fixes #13102