curl-library

Problems with schannel when revocation server was offline

From: Christian Hägele <haegele_at_teamviewer.com>
Date: Tue, 23 Oct 2012 11:17:44 +0200

Hello,

We are using libcurl 7.27.0 with WinSSL (schannel) on Windows.
Normally it works fine and SSL connections are established fine without
any problems. But from time to time the SSL handshake fails because the
revocation server couldn't be reached. (The server certificate was issued
by GeoTrust.)
A restart of the application doesn't help. Trying to reach the host with
the curl command-line tool doesn't work either.
Here I have the verbose log of the curl tool (7.28.0 build with WinSSL) (I
blacked out hostnames and IPs):

* About to connect() to *******************.com port 443 (#0)
* Trying *************...
* connected
* Connected to ******************.com (************) port 443 (#0)
* schannel: SSL/TLS connection with *************** port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 149 bytes...
* schannel: sent initial handshake data: sent 149 bytes
* schannel: SSL/TLS connection with ********************.com port 443
(step 2/3)
* schannel: encrypted data buffer: offset 1010 length 4096
* schannel: next InitializeSecurityContext failed: Unknown error
(0x80092013) - The revocation function was unable to check revocation
because the revocation server was offline.
* Closing connection #0
* schannel: shutting down SSL/TLS connection with *******************.com
port 443
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error
(0x80092013) - The revocation function was unable to check revocation
because the revocation server was offline.

The problem persists until I do a restart of the machine OR I open
Internet Explorer and try to reach the same website. After that everything
works fine again.

I assume Internet Explorer does some kind of 'reset' of the
schannel-component and after that it works fine again.

Any ideas how we could work around this issue?

Regards,

Christian

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-10-23
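
Added example (not part of the original mail and not curl project code): a small triage helper that rejoins the mail-wrapped verbose log above, pulls the HRESULT out of schannel handshake failures, and separates "revocation status could not be fetched" from "certificate is revoked". The function names are hypothetical; the HRESULT names are the CryptoAPI constants from the Windows SDK headers, and the sample is an excerpt of the log quoted in the message.

```python
import re

# CryptoAPI revocation HRESULTs (Windows SDK winerror.h).
# "offline"/"unchecked" = status could not be obtained; "revoked" = CA revoked the cert.
REVOCATION_ERRORS = {
    0x80092010: ("CRYPT_E_REVOKED", "revoked"),
    0x80092012: ("CRYPT_E_NO_REVOCATION_CHECK", "unchecked"),
    0x80092013: ("CRYPT_E_REVOCATION_OFFLINE", "offline"),
}

FAIL_RE = re.compile(
    r"schannel: .*?InitializeSecurityContext failed:.*?\((0x[0-9A-Fa-f]{8})\)"
)

# Excerpt of the verbose log from the message above, mail line-wrapping included.
SAMPLE = """\
* schannel: checking server certificate revocation
* schannel: next InitializeSecurityContext failed: Unknown error
(0x80092013) - The revocation function was unable to check revocation
because the revocation server was offline.
* Closing connection #0
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error
(0x80092013) - The revocation function was unable to check revocation
because the revocation server was offline.
"""

def unwrap(log_text):
    """Rejoin wrapped lines: a new record starts with '* ' or 'curl:'."""
    records = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(("* ", "curl:")) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def classify(log_text):
    """Return unique (hresult, name, kind) tuples for schannel handshake failures."""
    findings = []
    for record in unwrap(log_text):
        match = FAIL_RE.search(record)
        if not match:
            continue
        code = int(match.group(1), 16)
        name, kind = REVOCATION_ERRORS.get(code, ("UNKNOWN", "other"))
        entry = (f"0x{code:08X}", name, kind)
        if entry not in findings:
            findings.append(entry)
    return findings

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A result of kind "offline" or "unchecked" points at reachability of the CA's CRL/OCSP endpoints from the client, while "revoked" means the certificate itself must be replaced.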