Unfortunately, the problem persists here. In the meantime I've made some further tests and I've found out that the problem happens only on my Windows 7 machine. On my Windows 10 machine both sites work just fine, like on your system. But on my Windows 7 machine the *.de site works, but the *.com site doesn't. This is really confusing me, especially because the CRL distribution point for both sites is the same. I haven't got the slightest idea how to fix this :-/

On 04.01.2019 at 18:04 Salisbury, Mark wrote:

> This error message is actually pretty helpful:
>
> Trying https://www.hollywood-mal.de/ OK!
> Trying https://www.hollywood-mal.com/ FAIL: 35 schannel: next
> InitializeSecurityContext failed: Unknown error (0x80092013) - Die
> Sperrfunktion konnte die Sperrung nicht überprüfen, da der
> Sperrserver offline war. (NB: In English the error is probably
> "schannel: next InitializeSecurityContext failed: Unknown error
> (0x80092013) - The revocation function was unable to check
> revocation because the revocation server was offline.")
>
> I checked the CRL distribution point for both sites (you can see
> this info in the details of the site’s certificate), it’s the same:
>
> [1]CRL Distribution Point
>      Distribution Point Name:
>           Full Name:
>                URL=http://crl.starfieldtech.com/sfig2s1-103.crl
>
> I copied your code, compiled it, and tested it:
>
> C:\Users\MASALI1\source\repos\Debug>curl-test.exe
> Trying https://www.hollywood-mal.de/ OK!
> Trying https://www.hollywood-mal.com/ OK!
>
> So it looks like it was a temporary problem. Is the problem continuing for
> you?
>
> Thanks,
> Mark
>
> Here are a couple pages to help understand certificate revocation checks:
>
> https://blogs.msdn.microsoft.com/ieinternals/2011/04/07/understanding-certificate-revocation-checks/
> https://www.digicert.com/util/utility-test-ocsp-and-crl-access-from-a-server.htm
>
> From: curl-library <curl-library-boun...@cool.haxx.se> On Behalf Of
> Andreas Falkenhahn via curl-library
> Sent: Friday, January 4, 2019 5:31 AM
> To: curl-library@cool.haxx.se
> Cc: Andreas Falkenhahn <andr...@falkenhahn.com>
> Subject: schannel: next InitializeSecurityContext failed: Unknown error
>
> I know people have had problems with this before and I did my
> googling about it, but I don't really understand how to solve this
> problem because in my case it's particularly weird.
> Consider this little
> snippet:
>
> #include <stdio.h>
> #include <curl/curl.h>
>
> static void tryconnect(const char *address)
> {
>   CURL *curl = curl_easy_init();
>   CURLcode res;
>   char buf[CURL_ERROR_SIZE] = "";  /* empty until libcurl writes an error */
>
>   curl_easy_setopt(curl, CURLOPT_URL, address);
>   /* only perform the connection (including the TLS handshake) */
>   curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L);
>   curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, buf);
>
>   printf("Trying %s ", address);
>   if(!(res = curl_easy_perform(curl))) {
>     printf("OK!\n");
>   } else {
>     printf("FAIL: %d %s\n", res, buf);
>   }
>
>   curl_easy_cleanup(curl);
> }
>
> int main(int argc, char *argv[])
> {
>   curl_global_init(CURL_GLOBAL_DEFAULT);
>   tryconnect("https://www.hollywood-mal.de/");   /* --> works! */
>   tryconnect("https://www.hollywood-mal.com/");  /* --> fails with schannel error */
>   curl_global_cleanup();
>   return 0;
> }
>
> Why on earth does https://www.hollywood-mal.de/ work fine and
> https://www.hollywood-mal.com/ doesn't work at all? I'm the owner of
> both domains and they are hosted by the very same company with the
> very same settings, yet one works, and the other one doesn't. Of
> course, in a browser both work fine, but with curl only the *.de one works,
> the *.com one fails.
>
> This is the output:
>
> Trying https://www.hollywood-mal.de/ OK!
> Trying https://www.hollywood-mal.com/ FAIL: 35 schannel: next
> InitializeSecurityContext failed: Unknown error (0x80092013) - Die
> Sperrfunktion konnte die Sperrung nicht überprüfen, da der
> Sperrserver offline war. (NB: In English the error is probably
> "schannel: next InitializeSecurityContext failed: Unknown error
> (0x80092013) - The revocation function was unable to check
> revocation because the revocation server was offline.")
>
> How can I solve this please? Some people seem to be suggesting to
> use the OpenSSL backend instead of schannel but is this really the
> only way to go? Isn't this possible with in-house Windows solutions?
>
> I'm on curl 7.57.0, Windows 7, x64.
>
> Thanks for ideas!
>
> --
> Best regards,
>  Andreas Falkenhahn                            mailto:andr...@falkenhahn.com
>
> -------------------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette:   https://curl.haxx.se/mail/etiquette.html

--
Best regards,
 Andreas Falkenhahn                            mailto:andr...@falkenhahn.com
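
Added example (not part of the original thread and not curl project code): the HRESULT in the error above, 0x80092013, is CRYPT_E_REVOCATION_OFFLINE, which means the revocation status could not be fetched, not that the certificate is revoked (CRYPT_E_REVOKED, 0x80092010). This self-contained C helper extracts the HRESULT from a libcurl error buffer and separates the two cases so that only an unreachable CRL/OCSP endpoint is treated as a connectivity problem; the function and enum names are hypothetical and the second sample string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* HRESULT values as defined in the Windows SDK header winerror.h. */
#define HR_CRYPT_E_REVOKED             0x80092010UL
#define HR_CRYPT_E_NO_REVOCATION_CHECK 0x80092012UL
#define HR_CRYPT_E_REVOCATION_OFFLINE  0x80092013UL

/* Triage verdicts; these names are hypothetical, not libcurl's. */
enum rev_verdict { REV_OTHER, REV_REVOKED, REV_STATUS_UNAVAILABLE };

/* Return the first "(0x...)" code in a libcurl error buffer, 0 if none. */
static unsigned long extract_hresult(const char *errbuf)
{
  const char *p = errbuf ? strstr(errbuf, "(0x") : NULL;
  char *end = NULL;
  unsigned long v;
  if(!p)
    return 0;
  v = strtoul(p + 1, &end, 16); /* base 16 accepts the "0x" prefix */
  return (*end == ')') ? v : 0; /* reject text that is not a closed code */
}

static enum rev_verdict classify_schannel_error(const char *errbuf)
{
  switch(extract_hresult(errbuf)) {
  case HR_CRYPT_E_REVOKED:
    return REV_REVOKED;            /* fail closed: the CA revoked this cert */
  case HR_CRYPT_E_NO_REVOCATION_CHECK:
  case HR_CRYPT_E_REVOCATION_OFFLINE:
    return REV_STATUS_UNAVAILABLE; /* check CRL/OCSP reachability from host */
  default:
    return REV_OTHER;
  }
}

int main(void)
{
  /* First string: English form of the message quoted in the thread.
     Second string: constructed sample for the revoked case. */
  const char *offline = "schannel: next InitializeSecurityContext failed: "
    "Unknown error (0x80092013) - The revocation function was unable to "
    "check revocation because the revocation server was offline.";
  const char *revoked = "schannel: next InitializeSecurityContext failed: "
    "Unknown error (0x80092010) - constructed sample";
  printf("offline sample -> %d\n", classify_schannel_error(offline));
  printf("revoked sample -> %d\n", classify_schannel_error(revoked));
  return 0;
}
```

libcurl's CURLOPT_SSL_OPTIONS value CURLSSLOPT_NO_REVOKE turns Schannel revocation checking off entirely, so a triage step like this helps keep that switch from masking a certificate that really has been revoked.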