curl-library

schannel - The revocation function was unable to check revocation for the certificate

From: Vincas Razma via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 28 Feb 2019 17:50:48 +0000

Hi,

I have configured CURL to use WinSSL (schannel), and it does trust system trusted CAs just fine (that was the goal). However, one user has a proxy configuration where it acts as a man-in-the-middle. Such a configuration in general works just fine with our CURL lib build, and the proxy-provided certificates do look OK. Windows does trust their root CA certificate, and every other piece of software is also able to verify the proxy-generated certificates (browsers, .NET apps, etc.).

Certificate path looks something like this:
User root CA
    User intermediate CA
         *.ourservice.com

Only "User intermediate CA" contains CRL distribution points, those are working. "User root CA" is trusted by OS.

However, we get this logged by CURL:
schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate

Trusting "User intermediate CA" in Windows did not help either.

There are not many leads, but maybe someone has a hint as to what could have gone wrong?

Thanks,
Vincas

Received on 2019-02-28