Unable to check curl certificate

Asked 1 years ago, Updated 1 years ago, 74 views

■Environment
Windows Server 2016
curl version:7.53.1
execution commands:curl-v-x proxy server site name

The above command resulted in the following error:

*channel:next InitializeSecurityContext failed: Unknown error (0x80092013) - Revocation function could not confirm revocation because revocation server is offline.

I downloaded "cacert.pem" with reference to the following site, renamed "cacert.pem" in the same folder as "curl.exe", and placed "curl-ca-bundle.crt", but the error did not go away.Could you tell me how to deal with it?

About SSL communication errors in curl.exe for Windows

windows curl windows-server

2022-09-30 16:13

1 Answers

First, curl can handle multiple libraries.You can also handle OpenSSL or Channel around SSL.
While the referenced site description is a countermeasure with OpenSSL, the error is caused by the channel, so the countermeasure is misleading.

The error message is

The revocation function could not confirm revocation because the revocation server is offline.

Because revocation verification, or revoke, has failed, you can disable revocation verification by adding the option --ssl-no-revoke to avoid errors.
(Of course, you should be able to confirm the expiration…)

For your information, for curl shipped with Windows (run at the command prompt) 

C>curl-V
curl 7.83.1 (Windows) libcurl/7.83.1 Channel
Release-Date: 2022-05-13
Protocols:dict file ftp ftps http https imap imaps pop3pop3s smtp smtps telnet tftp
Features:AsynchDNS HTS IPv6 Kerberos Largefile NTLM SPNEGO SSL SSPI UnixSockets

Only the channel is built in.

For curl with git for windows (run on Git Bash) 

$curl-V
curl7.82.0(x86_64-w64-mingw32) libcurl/7.82.0 OpenSSL/1.1.1n(Schannel)zlib/1.2.12 brotli/1.0.9zstd/1.5.2 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.47.0
Release-Date: 2022-03-05
Protocols: dict file ftp ftp gopher gophers http https imap images ldap ldaps mqttpop3pop3s rtsp scp sftp smbs smbs smtp telnet tftp
Features: alt-svc AsyncDNS brotli HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI TLS-SRP zstd
$ CURL_SSL_BACKEND = channel curl-V
curl7.82.0(x86_64-w64-mingw32) libcurl/7.82.0(OpenSSL/1.1.1n) Channel zlib/1.2.12 brotli/1.0.9zstd/1.5.2 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.47.0
Release-Date: 2022-03-05
Protocols: dict file ftp ftp gopher gophers http https imap images ldap ldaps mqttpop3pop3s rtsp scp sftp smbs smbs smtp telnet tftp
Features: alt-svc AsyncDNS brotli HSTS HTTP2 IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI TLS-SRP zstd

This includes both OpenSSL and Channel, and you can control which SSL library you use with the environment variable CURL_SSL_BACKEND.Duplicate and disabled libraries will be listed as ().

2022-09-30 16:13

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

519 Unable to install versioned in Google Colab

504 Understanding How to Configure Google API Key

493 The method of the class of the application that I am creating in Typescript does not work as I expected.

520 Scrap text information after the "View More" button when searching in the Yahoo! News search window

495 No exact matches in call to instance method 'append'

© 2024 OneMinuteCode. All rights reserved.