Transparent Squid proxy – WinSSL (curl) revocation check error

Started by buridi, September 04, 2025, 10:49:04 AM

Hi everyone,

I've set up a transparent proxy with Squid on OPNsense following several common guides. This includes creating an internal CA in OPNsense and using it in Squid for SSL inspection.

The setup works fine for most clients and browsers. However, on Windows I'm seeing errors when using curl or other applications relying on WinSSL:

channel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate

From what I understand, Windows is trying to perform a revocation check (CRL/OCSP) for the intercepted certificate and failing.

Has anyone dealt with this before?

Is there a recommended way to configure OPNsense/Squid to avoid or resolve this issue?

Should I be doing something different with my internal CA or Squid's SSL settings (CRL, OCSP stapling, etc.) to satisfy Windows?

Any advice or example configurations would be greatly appreciated.

Thanks!