curl: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate

8

97
C:\Users\casta>curl https://c5.ppy.sh
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.

I've made my own CA, and I made a certificate from this CA.

The problem is, when I tried to access the website with this certificate, it works fine!

But if I tried with curl or C# applications, it returns an error.

C# error is here:

2019-02-28T09:20:33: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel
2019-02-28T09:20:33: 위치: #=zGFbxUFU_LnBci6wJmmCy1$E=.#=z0YcFrd6MZP1A()
2019-02-28T09:20:33: 위치: #=zuFHGCPNOLQmjQEcRmqQHLnQ=.#=z3NGNjJ0=()
Coremaker answered 1/3, 2019 at 4:39 Comment(1)
I got this issue while using PowerShell on a network with a self-signed certificate. Unsure how to tell PowerShell that the cert is fine, though. - Arianaariane
193

I've been using curl through a mitm proxy for pen-testing and getting the same issue.

I finally figured that curl needs a parameter telling it not to check certificate revocation, so the command looks something like this:

curl "https://www.example.com" --ssl-no-revoke -x 127.0.0.1:8081

The -x parameter passes the proxy details - you may not need this.

Maness answered 7/6, 2019 at 0:31 Comment(1)
Terrible solution though, because anyone can MITM you so there's very little point in using https. - Buchbinder
17

Don't panic... Please check your antivirus and turn it off. It happened because your connection is blocked.

Karyotype answered 4/7, 2023 at 10:38 Comment(4)
This is different from blocked. Your antivirus may do a MITM virus check and that's why. - Coremaker
AVG was blocking OpenAI. It worked for me. - Appointment
Kaspersky was blocking building Kafka with ./gradlew jar. - Photokinesis
Thank you. Avast! shields lowered and everything works! - Kenn
9

You can use the --ssl flag and omit the https like this:

curl --ssl c5.ppy.sh
Bypath answered 18/3, 2020 at 11:8 Comment(2)
How does the --ssl flag help here? Just curious. - Bizet
It tries with SSL and if it fails reverts to non-secure docs. If you specify https you force curl to use ONLY SSL. - Bypath
4

Just add -k to it, see here:

curl -k https://release.solana.com/v1.10.8/solana-install-init-x86_64-pc-windows-msvc.exe --output C:\solana-install-tmp\solana-install-init.exe --create-dirs

Warthman answered 24/1 at 21:58 Comment(0)
3

I had this issue and the problem was in my AVG AntiVirus. When I disabled it (specifically Web Shield), the issue was gone.

Stuck answered 29/9, 2023 at 12:20 Comment(0)
0

In C# you can ignore SSL errors using this code:

ServicePointManager
    .ServerCertificateValidationCallback += 
    (sender, cert, chain, sslPolicyErrors) => true;

Sometimes useful if the site you are connecting to forgets to renew their SSL certificate, but you still want to download the content.

Dollie answered 3/11, 2023 at 14:50 Comment(0)
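
A narrower alternative to a callback that always returns true, as an added example (not code from the answer above or from the question's author): it accepts a chain only when every reported problem is a failed revocation lookup and the chain ends at one pinned CA. It assumes the private CA is already in the machine's trusted root store; `PrivateCaValidation` and the thumbprint placeholder are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PrivateCaValidation
{
    // Placeholder: SHA-1 thumbprint of your own CA certificate (hex, no spaces).
    const string PinnedRootThumbprint = "REPLACE_WITH_YOUR_CA_THUMBPRINT";

    // Chain status flags that only mean "revocation could not be checked".
    const X509ChainStatusFlags RevocationUnknown =
        X509ChainStatusFlags.RevocationStatusUnknown |
        X509ChainStatusFlags.OfflineRevocation;

    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;

        // A name mismatch or a missing certificate is never tolerated.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || chain == null)
            return false;

        // Every chain problem must be a revocation-lookup failure; expiry,
        // an untrusted root or an actual revocation still fail the handshake.
        if (chain.ChainStatus.Any(s =>
                (s.Status & ~RevocationUnknown) != X509ChainStatusFlags.NoError))
            return false;

        // Tolerate the missing revocation data only for chains ending at our CA.
        X509ChainElementCollection elements = chain.ChainElements;
        if (elements.Count == 0) return false;
        X509Certificate2 root = elements[elements.Count - 1].Certificate;
        return string.Equals(root.Thumbprint, PinnedRootThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    // Call once at startup, before the first HTTPS request.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```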
0

In my company, I'm behind a proxy-firewall and curl threw the following error, when trying to download a resource from the web:

curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308)

Similar to @riemanzz's hint to explicitly specify the proxy in the chosen solution, the problem here was missing proxy var settings in the shell environment.

Applying the following commands in the terminal, or in a script, will temporarily set the required proxy var, making an additional argument to curl obsolete:

export http_proxy=www.proxy.company.org:8080
export https_proxy=www.proxy.company.org:8080

To permanently set the vars, one could either add those lines in e.g. ~/.bashrc (per user), or in /etc/profile (all users) - see answer here for more information.

After restarting the terminal, the curl command to download 'documentation.pdf' to the current folder worked as simply as:

 curl -O 'https://www.point-of-interest.org/stuff/documentation.pdf'

No need for an additional -x "$https_proxy".

Note: this only worked for me, after removing 'http://' and 'https://' prefixes for the proxy var settings and using port 8080, instead of the propagated port 80.

Divergence answered 3/7 at 22:32 Comment(0)
-2

You need to create a CRL list, and publish it to a web server.

Coremaker answered 23/2, 2020 at 14:5 Comment(0)
