Add policy to alter curl revoke settings on windows

common/kicad_curl/kicad_curl_easy.cpp

@@ -41,6 +41,8 @@
 #include <kiplatform/environment.h>
 #include <pgm_base.h>
 
+#include <kiplatform/policy.h>
+#include <policy_keys.h>
 
 struct CURL_PROGRESS
 {
@@ -131,8 +133,20 @@ KICAD_CURL_EASY::KICAD_CURL_EASY() :
 #endif
 
 #ifdef _WIN32
+    long sslOpts = CURLSSLOPT_NATIVE_CA;
+
+    POLICY_CURL_SSL_REVOKE policyState = KIPLATFORM::POLICY::GetPolicyEnum<POLICY_CURL_SSL_REVOKE>( POLICY_KEY_REQUESTS_CURL_REVOKE );
+    if( policyState == POLICY_CURL_SSL_REVOKE::BEST_EFFORT )
+    {
+        sslOpts |= CURLSSLOPT_REVOKE_BEST_EFFORT;
+    }
+    else if( policyState == POLICY_CURL_SSL_REVOKE::NONE )
+    {
+        sslOpts |= CURLSSLOPT_NO_REVOKE;
+    }
+
     // We need this to use the Windows Certificate store
-    curl_easy_setopt( m_CURL, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA );
+    curl_easy_setopt( m_CURL, CURLOPT_SSL_OPTIONS, sslOpts );
 #endif
 
     if( wxGetEnv( wxT( "KICAD_CURL_VERBOSE" ), nullptr ) )

include/policy_keys.h

@@ -25,7 +25,17 @@
 #ifndef POLICY_KEYS_H_
 #define POLICY_KEYS_H_
 
+#include <cstdint>
+
 #define POLICY_KEY_DATACOLLECTION wxT( "DataCollection" )
 #define POLICY_KEY_PCM wxT( "PluginAndContentManager" )
+#define POLICY_KEY_REQUESTS_CURL_REVOKE wxT( "curl\\SslRevoke" )
+
+enum class POLICY_CURL_SSL_REVOKE : std::uint32_t
+{
+	DEFAULT = 0,
+	BEST_EFFORT = 1,
+	NONE = 2
+};
 
 #endif // POLICY_KEYS_H_