How to set timeout for cURL CRL checking?

 curl --connect-timeout 5 --doh-url $dohUrl --max-time 10 --tlsv1.3 ....

I've tried using either --connect-timeout, --max-time or both at the same time, as you can see above, but cURL still wastes so much time trying to check for CRL, and I want to tell it to stop doing it if it takes longer than 5 seconds. Currently, cURL keeps trying CRL for 20 seconds and then throws this error:

curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.

This is an intentional scenario that I want cURL to navigate through. I do not want to set --ssl-no-revoke because that completely skips the CRL check; I just don't want cURL to keep trying CRL for more than 5 seconds, and I want it to throw that error after 5 seconds instead of 20+ seconds.

-m, --max-time Maximum time in seconds that you allow the whole operation to take. This is useful for preventing your batch jobs from hanging for hours due to slow networks or links going down. Since 7.32.0, this option accepts decimal values, but the actual timeout will decrease in accuracy as the specified timeout increases in decimal precision.

Quoting that from here. Why is cURL not respecting that parameter? I set it to 10 seconds, but it takes more than 20 seconds just stuck at the CRL checking phase. Is the problem where in the command I use that parameter?

I don't want to do anything extra and don't want to check the certificate or CRL myself with other methods.

You can easily test it: just set incorrect DoH details in Windows settings so that DNS resolution won't work, but you will still be able to access web resources using their IP addresses.
