Unable to check curl certificate

Asked 2 years ago, Updated 2 years ago, 98 views

■Environment
Windows Server 2016
curl version: 7.53.1
execution command: curl -v -x <proxy server> <site name>

The above command resulted in the following error:

* schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - Revocation function could not confirm revocation because revocation server is offline.

I downloaded "cacert.pem" with reference to the following site, renamed it to "curl-ca-bundle.crt", and placed it in the same folder as "curl.exe", but the error did not go away. Could you tell me how to deal with it?

About SSL communication errors in curl.exe for Windows

windows curl windows-server

2022-09-30 16:13

1 Answers

First, curl can use multiple libraries. For SSL, it can use OpenSSL or Schannel.
While the referenced site describes a countermeasure for OpenSSL, the error is caused by Schannel, so the countermeasure is misleading.

The error message is

The revocation function could not confirm revocation because the revocation server is offline.

Because revocation verification, or revoke, has failed, you can disable revocation verification by adding the option --ssl-no-revoke to avoid errors.
(Of course, you should be able to confirm the expiration…)

For your information, for curl shipped with Windows (run at the command prompt)

C>curl -V
curl 7.83.1 (Windows) libcurl/7.83.1 Schannel
Release-Date: 2022-05-13
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp
Features: AsynchDNS HSTS IPv6 Kerberos Largefile NTLM SPNEGO SSL SSPI UnixSockets

Only Schannel is built in.

For curl with git for windows (run on Git Bash)

$ curl -V
curl 7.82.0 (x86_64-w64-mingw32) libcurl/7.82.0 OpenSSL/1.1.1n (Schannel) zlib/1.2.12 brotli/1.0.9 zstd/1.5.2 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.47.0
Release-Date: 2022-03-05
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI TLS-SRP zstd
$ CURL_SSL_BACKEND=schannel curl -V
curl 7.82.0 (x86_64-w64-mingw32) libcurl/7.82.0 (OpenSSL/1.1.1n) Schannel zlib/1.2.12 brotli/1.0.9 zstd/1.5.2 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.47.0
Release-Date: 2022-03-05
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI TLS-SRP zstd

This includes both OpenSSL and Schannel, and you can control which SSL library is used with the environment variable CURL_SSL_BACKEND. Duplicate and disabled libraries are listed in ().


2022-09-30 16:13
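
An added example (not part of the original answer): a shell helper that reads the first line of `curl -V`, finds the active TLS backend the way the answer describes, and picks the least permissive Schannel revocation option that curl version supports. The function names and the 7.53.1 sample line are constructed; the thresholds for --ssl-no-revoke (7.44.0) and --ssl-revoke-best-effort (7.70.0) and the older "WinSSL" name for Schannel come from curl's documentation, not from this page.

```shell
#!/bin/sh
# Print the active TLS backend from the first line of `curl -V`.
# Backends in parentheses are built in but inactive, so they are dropped
# before matching. The backend name list is partial (assumption).
active_tls_backend() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -v '^(' \
        | grep -E '^(OpenSSL|Schannel|WinSSL|GnuTLS|mbedTLS|wolfSSL|LibreSSL)(/|$)' \
        | head -n 1 | sed -e 's|/.*||' -e 's/^WinSSL$/Schannel/'
}

# Succeed when dotted version $1 is greater than or equal to $2.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print the revocation option to use for the "revocation server is offline"
# error. Best-effort keeps checking revocation when the server is reachable;
# --ssl-no-revoke turns the check off entirely, so it is the fallback.
revocation_option() {
    backend=$(active_tls_backend "$1")
    version=$(printf '%s\n' "$1" | awk '{print $2}')
    if [ "$backend" != "Schannel" ]; then
        echo "not-schannel"          # these options only affect Schannel
    elif version_ge "$version" 7.70.0; then
        echo "--ssl-revoke-best-effort"
    elif version_ge "$version" 7.44.0; then
        echo "--ssl-no-revoke"
    else
        echo "none"
    fi
}

# Version lines: the first two are taken from the page, the third is constructed.
WIN_CURL='curl 7.83.1 (Windows) libcurl/7.83.1 Schannel'
GIT_CURL='curl 7.82.0 (x86_64-w64-mingw32) libcurl/7.82.0 OpenSSL/1.1.1n (Schannel) zlib/1.2.12'
OLD_CURL='curl 7.53.1 (constructed) libcurl/7.53.1 WinSSL'
for line in "$WIN_CURL" "$GIT_CURL" "$OLD_CURL"; do
    printf '%s -> %s\n' "$(active_tls_backend "$line")" "$(revocation_option "$line")"
done
```

On a real machine, pass the live version line instead: `revocation_option "$(curl -V | head -n 1)"`.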
