Skip to content

Updates fail behind corporate MITM proxies due to revocation check #103

@billybednar

Description

@billybednar

After updating to Notepad++ v8.9.2 it is no longer possible to check for updates or use the plugin admin tool when behind certain corporate MITM proxies.

---------------------------
curl error
---------------------------
schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - The revocation function was
unable to check revocation for the certificate.
---------------------------
OK   
---------------------------

This is due to the strict TLS certificate revocation checking that was enabled in response to #99. Many proxies generate certificates that do not include a CRL distribution point and thus cannot be checked for revocation.

Consider using the CURLSSLOPT_REVOKE_BEST_EFFORT option suggested in that issue. It will ignore revocation check failures due to missing or offline CRL distribution points. The Git for Windows folks got it added to cURL several years back due to similar issues with proxies and now use it by default.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions