This error message is actually pretty helpful:
Trying https://www.hollywood-mal.de/<https://www.hollywood-mal.de/> OK!
Trying https://www.hollywood-mal.com/<https://www.hollywood-mal.com/> FAIL: 35
schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) -
Die Sperrfunktion konnte die Sperrung nicht überprüfen, da der Sperrserver
offline war. (NB: In English the error is probably "schannel: next
InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation
function was unable to check revocation because the revocation server was
offline.")
I checked the CRL distribution point for both sites (you can see this info in
the details of the site’s certificate), it’s the same:
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://crl.starfieldtech.com/sfig2s1-103.crl
I copied your code, compiled it, and tested it:
C:\Users\MASALI1\source\repos\Debug>curl-test.exe
Trying https://www.hollywood-mal.de/ OK!
Trying https://www.hollywood-mal.com/ OK!
So it looks like it was a temporary problem. Is the problem continuing for you?
Thanks,
Mark
Here are a couple pages to help understand certificate revocation checks:
https://blogs.msdn.microsoft.com/ieinternals/2011/04/07/understanding-certificate-revocation-checks/
https://www.digicert.com/util/utility-test-ocsp-and-crl-access-from-a-server.htm
From: curl-library <curl-library-boun...@cool.haxx.se> On Behalf Of Andreas
Falkenhahn via curl-library
Sent: Friday, January 4, 2019 5:31 AM
To: curl-library@cool.haxx.se
Cc: Andreas Falkenhahn <andr...@falkenhahn.com>
Subject: schannel: next InitializeSecurityContext failed: Unknown error
I know people have had problems with this before and I did my googling about
it, but I don't really understand how to solve this problem because in my case
it's particularly weird. Consider this little snippet:
static void tryconnect(const char *address)
{
CURL *curl = curl_easy_init();
CURLcode res;
char buf[CURL_ERROR_SIZE];
curl_easy_setopt(curl, CURLOPT_URL, address);
curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1);
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, buf);
printf("Trying %s ", address);
if(!(res = curl_easy_perform(curl))) {
printf("OK!\n");
} else {
printf("FAIL: %d %s\n", res, buf);
}
curl_easy_cleanup(curl);
}
int main(int argc, char *argv[])
{
curl_global_init(CURL_GLOBAL_DEFAULT);
tryconnect("https://www.hollywood-mal.de/<https://www.hollywood-mal.de/>"); -->
works!
tryconnect("https://www.hollywood-mal.com/<https://www.hollywood-mal.com/>");
--> fails with schannel error
curl_global_cleanup();
return 0;
}
Why on earth does https://www.hollywood-mal.de/<https://www.hollywood-mal.de/>
work fine and https://www.hollywood-mal.com/<https://www.hollywood-mal.com/>
doesn't work at all? I'm the owner of both domains and they are hosted by the
very same company with the very same settings, yet one works, and the other one
doesn't. Of course, in a browser both work fine, but with curl only the *.de
one works, the *.com one fails.
This is the output:
Trying https://www.hollywood-mal.de/<https://www.hollywood-mal.de/> OK!
Trying https://www.hollywood-mal.com/<https://www.hollywood-mal.com/> FAIL: 35
schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) -
Die Sperrfunktion konnte die Sperrung nicht überprüfen, da der Sperrserver
offline war. (NB: In English the error is probably "schannel: next
InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation
function was unable to check revocation because the revocation server was
offline.")
How can I solve this please? Some people seem to be suggesting to use the
OpenSSL backend instead of schannel but is this really the only way to go?
Isn't this possible with in-house Windows solutions?
I'm on curl 7.57.0, Windows 7, x64.
Thanks for ideas!
--
Best regards,
Andreas Falkenhahn mailto:andr...@falkenhahn.com
-------------------------------------------------------------------
Unsubscribe:
https://cool.haxx.se/list/listinfo/curl-library<https://cool.haxx.se/list/listinfo/curl-library>
Etiquette:
https://curl.haxx.se/mail/etiquette.html<https://curl.haxx.se/mail/etiquette.html>
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
