Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

curl: (35) schannel: next InitializeSecurityContext failed #178

Closed
ckrause opened this issue Sep 25, 2022 · 6 comments
Closed

curl: (35) schannel: next InitializeSecurityContext failed #178

ckrause opened this issue Sep 25, 2022 · 6 comments
Labels
bug Something isn't working

Comments

@ckrause
Copy link
Contributor

ckrause commented Sep 25, 2022

Running on BOINC, the following error occurred on at least one Windows machine:

curl -fsSLo "C:\ProgramData\BOINC\projects/boinc.loda-lang.org_loda/miners.default.json" https://raw.githubusercontent.com/loda-lang/loda-cpp/main/miners.default.json
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - Die Sperrfunktion konnte keine Sperrprüfung für das Zertifikat durchführen.

Edition Windows 10 Pro
Version 21H2
Betriebssystembuild 19044.2006
Boinc 7.20.2

Background info is here.

Possible fix: add --ssl-no-revoke curl parameter on Windows.
@ckrause ckrause added the bug Something isn't working label Sep 25, 2022
@ckrause
Copy link
Contributor Author

ckrause commented Sep 25, 2022 

curl --version
curl 7.83.1 (Windows) libcurl/7.83.1 Schannel
Release-Date: 2022-05-13
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp
Features: AsynchDNS HSTS IPv6 Kerberos Largefile NTLM SPNEGO SSL SSPI UnixSockets

@ckrause
Copy link
Contributor Author

ckrause commented Sep 25, 2022

Not fixed by --ssl-no-revoke:

2022-09-25 19:56:11|INFO |Starting LODA v22.9.25. See https://loda-lang.org/
2022-09-25 19:56:11|INFO |Platform: windows
curl: (77) schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - Die Zertifikatkette wurde von einer nicht vertrauensw?rdigen Zertifizierungsstelle ausgestellt.
2022-09-25 19:56:20|WARN |Setting environment variable: TMP=C:\prg\BOINC\data/projects/boinc.loda-lang.org_loda\
2022-09-25 19:56:20|WARN |Setting environment variable: TEMP=C:\prg\BOINC\data/projects/boinc.loda-lang.org_loda\
curl: (77) schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - Die Zertifikatkette wurde von einer nicht vertrauensw?rdigen Zertifizierungsstelle ausgestellt.
2022-09-25 19:56:20|INFO |curl --ssl-no-revoke -fsSLo "C:\prg\BOINC\data/projects/boinc.loda-lang.org_loda\miners.default.json" https://raw.githubusercontent.com/loda-lang/loda-cpp/main/miners.default.json
2022-09-25 19:56:20|ERROR|Error fetching https://raw.githubusercontent.com/loda-lang/loda-cpp/main/miners.default.json

@ckrause
Copy link
Contributor Author

ckrause commented Sep 27, 2022

New proposal: add a configuration option: when enabled, pass --insecure to curl

@kotenok2000
Copy link

What system do you use?

@ckrause
Copy link
Contributor Author

ckrause commented Sep 28, 2022

This was reported by a few Windows users in the BOINC forum. It is not a LODA issue, but maybe we need to support workarounds.

@ckrause
Copy link
Contributor Author

ckrause commented Nov 7, 2022

Added a fall-back option for insecure curl.

@ckrause ckrause closed this as completed Nov 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ckrause @kotenok2000