curl-library

Re: schannel: next InitializeSecurityContext failed: Unknown error

From: Andreas Falkenhahn via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 4 Jan 2019 18:14:06 +0100

Unfortunately, the problem persists here. In the meantime I've made some further tests and I've found out that the problem happens only on my Windows 7 machine. On my Windows 10 machine both sites work just fine, like on your system. But on my Windows 7 machine the *.de site works, but the *.com site doesn't. This is really confusing me, especially because the CRL distribution point for both sites is the same. I haven't got the slightest idea how to fix this :-/

On 04.01.2019 at 18:04 Salisbury, Mark wrote:

> This error message is actually pretty helpful:
>
> Trying https://www.hollywood-mal.de/ OK!
> Trying https://www.hollywood-mal.com/ FAIL: 35 schannel: next
> InitializeSecurityContext failed: Unknown error (0x80092013) - Die
> Sperrfunktion konnte die Sperrung nicht überprüfen, da der
> Sperrserver offline war. (NB: In English the error is probably
> "schannel: next InitializeSecurityContext failed: Unknown error
> (0x80092013) - The revocation function was unable to check
> revocation because the revocation server was offline.")
>
> I checked the CRL distribution point for both sites (you can see
> this info in the details of the site’s certificate), it’s the same:
>
> [1]CRL Distribution Point
>      Distribution Point Name:
>           Full Name:
>                URL=http://crl.starfieldtech.com/sfig2s1-103.crl
>
> I copied your code, compiled it, and tested it:
>
> C:\Users\MASALI1\source\repos\Debug>curl-test.exe
> Trying https://www.hollywood-mal.de/ OK!
> Trying https://www.hollywood-mal.com/ OK!
>
> So it looks like it was a temporary problem. Is the problem continuing for you?
>
> Thanks,
> Mark
>
> Here are a couple pages to help understand certificate revocation checks:
>
> https://blogs.msdn.microsoft.com/ieinternals/2011/04/07/understanding-certificate-revocation-checks/
> https://www.digicert.com/util/utility-test-ocsp-and-crl-access-from-a-server.htm
>
> From: curl-library <curl-library-bounces_at_cool.haxx.se> On Behalf Of
> Andreas Falkenhahn via curl-library
> Sent: Friday, January 4, 2019 5:31 AM
> To: curl-library_at_cool.haxx.se
> Cc: Andreas Falkenhahn <andreas_at_falkenhahn.com>
> Subject: schannel: next InitializeSecurityContext failed: Unknown error
>
> I know people have had problems with this before and I did my
> googling about it, but I don't really understand how to solve this
> problem because in my case it's particularly weird. Consider this little snippet:
>
> #include <stdio.h>
> #include <curl/curl.h>
>
> /* Connect only (including the TLS handshake) and report the result. */
> static void tryconnect(const char *address)
> {
>     CURL *curl = curl_easy_init();
>     CURLcode res;
>     char buf[CURL_ERROR_SIZE];
>
>     if(!curl)
>         return;
>
>     buf[0] = '\0'; /* keep the buffer a valid string if no message is written */
>     curl_easy_setopt(curl, CURLOPT_URL, address);
>     curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L); /* option takes a long */
>     curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, buf);
>
>     printf("Trying %s ", address);
>     if(!(res = curl_easy_perform(curl))) {
>         printf("OK!\n");
>     } else {
>         printf("FAIL: %d %s\n", res, buf);
>     }
>
>     curl_easy_cleanup(curl);
> }
>
> int main(int argc, char *argv[])
> {
>     curl_global_init(CURL_GLOBAL_DEFAULT);
>     tryconnect("https://www.hollywood-mal.de/");  /* --> works! */
>     tryconnect("https://www.hollywood-mal.com/"); /* --> fails with schannel error */
>     curl_global_cleanup();
>     return 0;
> }
>
> Why on earth does https://www.hollywood-mal.de/ work fine and
> https://www.hollywood-mal.com/ doesn't work at all? I'm the owner of
> both domains and they are hosted by the very same company with the
> very same settings, yet one works, and the other one doesn't. Of
> course, in a browser both work fine, but with curl only the *.de one works, the *.com one fails.
>
> This is the output:
>
> Trying https://www.hollywood-mal.de/ OK!
> Trying https://www.hollywood-mal.com/ FAIL: 35 schannel: next
> InitializeSecurityContext failed: Unknown error (0x80092013) - Die
> Sperrfunktion konnte die Sperrung nicht überprüfen, da der
> Sperrserver offline war. (NB: In English the error is probably
> "schannel: next InitializeSecurityContext failed: Unknown error
> (0x80092013) - The revocation function was unable to check
> revocation because the revocation server was offline.")
>
> How can I solve this please? Some people seem to be suggesting to
> use the OpenSSL backend instead of schannel but is this really the
> only way to go? Isn't this possible with in-house Windows solutions?
>
> I'm on curl 7.57.0, Windows 7, x64.
>
> Thanks for ideas!
>
> --
> Best regards,
> Andreas Falkenhahn mailto:andreas_at_falkenhahn.com
>
>
> -------------------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette: https://curl.haxx.se/mail/etiquette.html
>

-- 
Best regards,
 Andreas Falkenhahn                            mailto:andreas_at_falkenhahn.com
Received on 2019-01-04
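
Added example (not part of the original thread and not code from curl): a small triage helper that pulls the hex code out of a libcurl schannel error buffer like the one quoted above, separates "certificate is revoked" from "revocation status could not be checked", and extracts the CRL host to test from the affected machine. The function names are hypothetical; the code values are the Windows CRYPT_E_* constants, and the error format is assumed to match the message shown in the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum rev_verdict { REV_OTHER, REV_REVOKED, REV_UNVERIFIABLE };

/* Pull the first "(0x........)" code out of a libcurl error buffer; 0 if none. */
static unsigned long extract_code(const char *errbuf)
{
    const char *p = strstr(errbuf, "(0x");
    char *end;
    unsigned long code = p ? strtoul(p + 1, &end, 16) : 0;
    return (p && *end == ')') ? code : 0;
}

/* Map the Windows CRYPT_E_* revocation codes to a verdict. */
enum rev_verdict classify(const char *errbuf)
{
    switch(extract_code(errbuf)) {
    case 0x80092010UL: return REV_REVOKED;       /* CRYPT_E_REVOKED */
    case 0x80092012UL:                           /* CRYPT_E_NO_REVOCATION_CHECK */
    case 0x80092013UL: return REV_UNVERIFIABLE;  /* CRYPT_E_REVOCATION_OFFLINE */
    default:           return REV_OTHER;         /* not a revocation error */
    }
}

/* Copy the host of a "URL=http://host/path" CDP entry into out; 0 on success. */
int cdp_host(const char *cdp, char *out, size_t outlen)
{
    const char *h = strstr(cdp, "://");
    size_t n;
    if(!h)
        return -1;
    n = strcspn(h + 3, "/:");
    if(n == 0 || n >= outlen)
        return -1;
    memcpy(out, h + 3, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    /* Error text (truncated) and CDP entry as quoted in the thread above. */
    const char *err = "schannel: next InitializeSecurityContext failed: Unknown error (0x80092013)";
    const char *cdp = "URL=http://crl.starfieldtech.com/sfig2s1-103.crl";
    char host[128];
    if(classify(err) == REV_UNVERIFIABLE && cdp_host(cdp, host, sizeof host) == 0)
        printf("revocation status unverifiable; test reachability of %s from this host\n", host);
    return 0;
}
```

A REV_REVOKED verdict means the certificate really is revoked and should stay a hard failure; REV_UNVERIFIABLE points at the failing machine's ability to fetch the CRL rather than at the server certificate.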