Support for disabling certificate revocation checks on schannel #6724

Open
jeroen-mostert opened this issue Jan 23, 2024 · 1 comment

@jeroen-mostert

I'm on Windows (10.0.19045.3930, if it matters) and using libgit2sharp 0.29, which switched to libgit2 1.7.1. 1.7.0 introduced (optional, configurable?) schannel support, which I'm suspecting is causing my problem: attempting to clone fails with a "certificate revocation status could not be verified" error. I can reproduce this with command-line git (2.43.0) if I explicitly set the option `http.schannelCheckRevoke` to `true`, which then gives `schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.` This is odd in itself, because according to the docs, this should be the default anyway. But sure enough, if I unset the option, or explicitly set it to `false`, command-line git as well as libgit2sharp 0.28 clone just fine.

This can of course be worked around in various ways, including making revocation work (somehow) or overriding certificate checking with a callback and re-doing the verification myself with revocation checking turned off (clunky as that is), but I suspect that in order for this to work through configuration as it does now, libgit2 would need explicit support for the `http.schannelCheckRevoke` option and it currently doesn't have it, correct?

Apologies for not supplying a full repro; this would require both setting up a failing revocation through schannel as well as conjuring up code for calling libgit2 directly. I think I'm at least correct in locating the issue in libgit2 rather than libgit2sharp.

@csware
Contributor

csware commented Feb 24, 2024

May this depend on the configured internet options of (Internet Explorer|Windows)?
