curl-library
Re: schannel: next InitializeSecurityContext failed: Unknown error
Date: Fri, 4 Jan 2019 18:14:06 +0100
Unfortunately, the problem persists here. In the meantime I've made some further tests and I've found out that the problem happens only on my Windows 7 machine. On my Windows 10 machine both sites work just fine, like on your system. But on my Windows 7 machine the *.de site works, but the *.com site doesn't. This is really confusing me, especially because the CRL distribution point for both sites is the same. I haven't got the slightest idea how to fix this :-/
On 04.01.2019 at 18:04 Salisbury, Mark wrote:
>
>
>
> This error message is actually pretty helpful:
>
>
>
> Trying https://www.hollywood-mal.de/ OK!
> Trying https://www.hollywood-mal.com/ FAIL: 35 schannel: next
> InitializeSecurityContext failed: Unknown error (0x80092013) - Die
> Sperrfunktion konnte die Sperrung nicht überprüfen, da der
> Sperrserver offline war. (NB: In English the error is probably
> "schannel: next InitializeSecurityContext failed: Unknown error
> (0x80092013) - The revocation function was unable to check
> revocation because the revocation server was offline.")
>
>
>
> I checked the CRL distribution point for both sites (you can see
> this info in the details of the site’s certificate), it’s the same:
>
>
>
> [1]CRL Distribution Point
>
> Distribution Point Name:
>
> Full Name:
>
> URL=http://crl.starfieldtech.com/sfig2s1-103.crl
>
>
>
> I copied your code, compiled it, and tested it:
>
>
>
> C:\Users\MASALI1\source\repos\Debug>curl-test.exe
>
> Trying https://www.hollywood-mal.de/ OK!
>
> Trying https://www.hollywood-mal.com/ OK!
>
>
>
> So it looks like it was a temporary problem. Is the problem continuing for you?
>
>
>
> Thanks,
> Mark
>
>
>
> Here are a couple pages to help understand certificate revocation checks:
>
> https://blogs.msdn.microsoft.com/ieinternals/2011/04/07/understanding-certificate-revocation-checks/
>
> https://www.digicert.com/util/utility-test-ocsp-and-crl-access-from-a-server.htm
>
>
>
>
>
>
>
> From: curl-library <curl-library-bounces_at_cool.haxx.se> On Behalf Of
> Andreas Falkenhahn via curl-library
> Sent: Friday, January 4, 2019 5:31 AM
> To: curl-library_at_cool.haxx.se
> Cc: Andreas Falkenhahn <andreas_at_falkenhahn.com>
> Subject: schannel: next InitializeSecurityContext failed: Unknown error
>
>
>
> I know people have had problems with this before and I did my
> googling about it, but I don't really understand how to solve this
> problem because in my case it's particularly weird. Consider this little snippet:
>
> static void tryconnect(const char *address)
> {
> CURL *curl = curl_easy_init();
> CURLcode res;
> char buf[CURL_ERROR_SIZE];
>
> curl_easy_setopt(curl, CURLOPT_URL, address);
> curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1);
> curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, buf);
>
> printf("Trying %s ", address);
> if(!(res = curl_easy_perform(curl))) {
> printf("OK!\n");
> } else {
> printf("FAIL: %d %s\n", res, buf);
> }
>
> curl_easy_cleanup(curl);
> }
>
> int main(int argc, char *argv[])
> {
> curl_global_init(CURL_GLOBAL_DEFAULT);
> tryconnect("https://www.hollywood-mal.de/"); --> works!
> tryconnect("https://www.hollywood-mal.com/"); --> fails with schannel error
> curl_global_cleanup();
> return 0;
> }
>
> Why on earth does https://www.hollywood-mal.de/ work fine and
> https://www.hollywood-mal.com/ doesn't work at all? I'm the owner of
> both domains and they are hosted by the very same company with the
> very same settings, yet one works, and the other one doesn't. Of
> course, in a browser both work fine, but with curl only the *.de one works, the *.com one fails.
>
> This is the output:
>
> Trying https://www.hollywood-mal.de/ OK!
> Trying https://www.hollywood-mal.com/ FAIL: 35 schannel: next
> InitializeSecurityContext failed: Unknown error (0x80092013) - Die
> Sperrfunktion konnte die Sperrung nicht überprüfen, da der
> Sperrserver offline war. (NB: In English the error is probably
> "schannel: next InitializeSecurityContext failed: Unknown error
> (0x80092013) - The revocation function was unable to check
> revocation because the revocation server was offline.")
>
> How can I solve this please? Some people seem to be suggesting to
> use the OpenSSL backend instead of schannel but is this really the
> only way to go? Isn't this possible with in-house Windows solutions?
>
> I'm on curl 7.57.0, Windows 7, x64.
>
> Thanks for ideas!
>
> --
> Best regards,
> Andreas Falkenhahn mailto:andreas_at_falkenhahn.com
>
>
> -------------------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette: https://curl.haxx.se/mail/etiquette.html
>
-- Best regards, Andreas Falkenhahn mailto:andreas_at_falkenhahn.com ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2019-01-04