curl / Mailing Lists / curl-library / Single Mail

curl-library

RE: schannel: next InitializeSecurityContext failed: Unknown error

From: Salisbury, Mark via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 4 Jan 2019 17:04:33 +0000

This error message is actually pretty helpful:

Trying https://www.hollywood-mal.de/<https://www.hollywood-mal.de/> OK!
Trying https://www.hollywood-mal.com/<https://www.hollywood-mal.com/> FAIL: 35 schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - Die Sperrfunktion konnte die Sperrung nicht überprüfen, da der Sperrserver offline war. (NB: In English the error is probably "schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.")

I checked the CRL distribution point for both sites (you can see this info in the details of the site’s certificate), it’s the same:

[1]CRL Distribution Point
     Distribution Point Name:
          Full Name:
               URL=http://crl.starfieldtech.com/sfig2s1-103.crl

I copied your code, compiled it, and tested it:

C:\Users\MASALI1\source\repos\Debug>curl-test.exe
Trying https://www.hollywood-mal.de/ OK!
Trying https://www.hollywood-mal.com/ OK!

So it looks like it was a temporary problem. Is the problem continuing for you?

Thanks,
Mark

Here are a couple pages to help understand certificate revocation checks:
https://blogs.msdn.microsoft.com/ieinternals/2011/04/07/understanding-certificate-revocation-checks/
https://www.digicert.com/util/utility-test-ocsp-and-crl-access-from-a-server.htm


From: curl-library <curl-library-bounces_at_cool.haxx.se> On Behalf Of Andreas Falkenhahn via curl-library
Sent: Friday, January 4, 2019 5:31 AM
To: curl-library_at_cool.haxx.se
Cc: Andreas Falkenhahn <andreas_at_falkenhahn.com>
Subject: schannel: next InitializeSecurityContext failed: Unknown error

I know people have had problems with this before and I did my googling about it, but I don't really understand how to solve this problem because in my case it's particularly weird. Consider this little snippet:

static void tryconnect(const char *address)
{
CURL *curl = curl_easy_init();
CURLcode res;
char buf[CURL_ERROR_SIZE];

curl_easy_setopt(curl, CURLOPT_URL, address);
curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1);
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, buf);

printf("Trying %s ", address);
if(!(res = curl_easy_perform(curl))) {
printf("OK!\n");
} else {
printf("FAIL: %d %s\n", res, buf);
}

curl_easy_cleanup(curl);
}

int main(int argc, char *argv[])
{
curl_global_init(CURL_GLOBAL_DEFAULT);
tryconnect("https://www.hollywood-mal.de/<https://www.hollywood-mal.de/>"); --> works!
tryconnect("https://www.hollywood-mal.com/<https://www.hollywood-mal.com/>"); --> fails with schannel error
curl_global_cleanup();
return 0;
}

Why on earth does https://www.hollywood-mal.de/<https://www.hollywood-mal.de/> work fine and https://www.hollywood-mal.com/<https://www.hollywood-mal.com/> doesn't work at all? I'm the owner of both domains and they are hosted by the very same company with the very same settings, yet one works, and the other one doesn't. Of course, in a browser both work fine, but with curl only the *.de one works, the *.com one fails.

This is the output:

Trying https://www.hollywood-mal.de/<https://www.hollywood-mal.de/> OK!
Trying https://www.hollywood-mal.com/<https://www.hollywood-mal.com/> FAIL: 35 schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - Die Sperrfunktion konnte die Sperrung nicht überprüfen, da der Sperrserver offline war. (NB: In English the error is probably "schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.")

How can I solve this please? Some people seem to be suggesting to use the OpenSSL backend instead of schannel but is this really the only way to go? Isn't this possible with in-house Windows solutions?

I'm on curl 7.57.0, Windows 7, x64.

Thanks for ideas!

--
Best regards,
Andreas Falkenhahn mailto:andreas_at_falkenhahn.com


-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library<https://cool.haxx.se/list/listinfo/curl-library>
Etiquette: https://curl.haxx.se/mail/etiquette.html<https://curl.haxx.se/mail/etiquette.html>

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-01-04