Updates fail behind corporate MITM proxies due to revocation check

[billybednar]

After updating to Notepad++ v8.9.2 it is no longer possible to check for updates or use the plugin admin tool when behind certain corporate MITM proxies.

---------------------------
curl error
---------------------------
schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - The revocation function was
unable to check revocation for the certificate.
---------------------------
OK   
---------------------------

This is due to the strict TLS certificate revocation checking that was enabled in response to #99. Many proxies generate certificates that do not include a CRL distribution point and thus cannot be checked for revocation.

Consider using the CURLSSLOPT_REVOKE_BEST_EFFORT option suggested in that issue. It will ignore revocation check failures due to missing or offline CRL distribution points. The Git for Windows folks got it added to cURL several years back due to similar issues with proxies and now use it by default.

[xomx]

FYI @donho

I also think that it's safe to go with the mentioned CURLSSLOPT_REVOKE_BEST_EFFORT.

[xomx]

@donho
IDK if you saw this issue but there is another report:
https://community.notepad-plus-plus.org/topic/27427/plugins-admin-gets-curl-error

[donho]

@xomx
Thank you for your heads up!