
CURL revocation fails on Windows

Open faky1337 opened this issue 2 years ago • 1 comments

I don't know when or why but on some clients the revocation checks fail and the NorthstarLauncher is not able to establish an encrypted connection using https. It seems related to schannel tho.

The error message (in the console window): curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012). Sometimes it seems not to throw any error message (but that could be the issue with a user not being capable of finding the console window? since it was not logged in any logfiles). Also the error message gets translated to the client's OS language (German Windows => German error message).

Adding curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE); on all requests seems to fix the issue.

Not sure how much this would be related to security but I assume in case a certificate gets revoked the client would not be aware of this when disabling it in CURL?

  • [ ] (Move CURL stuff to own function so we don't have to edit all occurrences?)
  • [ ] add switch like -nosslrevocation to optionally disable revocation thingy

faky1337, Jun 05 '22 11:06

They should be asked about their Windows version. I think curl uses WinSSL and thus by extension the system's root trust store. And outdated/non-updated Windows installations might have their stores outdated and incompatible with some newly issued certificates.

Although it should technically then be "expired", not "revoked"...

If this is indeed the issue, then one workaround could be shipping an up-to-date trusted CA list and using that instead.

p0358, Jun 13 '22 17:06
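
A sketch of the two checklist items from the opening post (one function for all curl setup, and an opt-in switch), added here as an example and not taken from NorthstarLauncher's code. It keeps revocation checking on by default, treats `-nosslrevocation` as an explicit opt-out, and adds a hypothetical `-sslrevocationbesteffort` switch that maps to libcurl's `CURLSSLOPT_REVOKE_BEST_EFFORT` (libcurl 7.70.0 or later); the function and enum names are assumptions.

```cpp
// Added example, not NorthstarLauncher code. Build with -DUSE_LIBCURL -lcurl to
// compile the libcurl part; without it only the policy logic is built.
#include <cstring>
#ifdef USE_LIBCURL
#include <curl/curl.h>
#else
// Values mirrored from curl/curl.h so the policy logic builds without libcurl.
#define CURLSSLOPT_NO_REVOKE (1 << 1)
#define CURLSSLOPT_REVOKE_BEST_EFFORT (1 << 3)
#endif

enum class RevocationMode { Strict, BestEffort, Disabled };

// "-nosslrevocation" is the switch proposed in the issue; "-sslrevocationbesteffort"
// is a hypothetical second switch. With neither present, checks stay fully enabled.
RevocationMode ParseRevocationMode(int argc, const char* const* argv)
{
	RevocationMode mode = RevocationMode::Strict;
	for (int i = 1; i < argc; ++i)
	{
		if (!std::strcmp(argv[i], "-nosslrevocation"))
			return RevocationMode::Disabled; // explicit opt-out wins
		if (!std::strcmp(argv[i], "-sslrevocationbesteffort"))
			mode = RevocationMode::BestEffort;
	}
	return mode;
}

// Bitmask for CURLOPT_SSL_OPTIONS (these two bits are only supported for Schannel).
long SslOptionsFor(RevocationMode mode)
{
	switch (mode)
	{
	case RevocationMode::BestEffort: return CURLSSLOPT_REVOKE_BEST_EFFORT;
	case RevocationMode::Disabled:   return CURLSSLOPT_NO_REVOKE;
	default:                         return 0L; // strict: leave revocation checks on
	}
}

#ifdef USE_LIBCURL
// Single place that creates handles, so every request gets the same TLS settings.
CURL* CreateRequestHandle(const char* url, RevocationMode mode)
{
	CURL* curl = curl_easy_init();
	if (!curl) return nullptr;
	curl_easy_setopt(curl, CURLOPT_URL, url);
	curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, SslOptionsFor(mode));
	return curl;
}
#endif
```

Best-effort mode still rejects a certificate that is known to be revoked but lets the handshake continue when the revocation server cannot be reached, so it gives up less than disabling the check outright.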