erew123 / alltalk_tts

AllTalk is based on the Coqui TTS engine, similar to the Coqui_tts extension for Text generation webUI, however supports a variety of advanced features, such as a settings page, low VRAM support, DeepSpeed, narrator, model finetuning, custom models, wav file maintenance. It can also be used with 3rd Party software via JSON calls.
GNU Affero General Public License v3.0

curl: (35) schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK #404

Closed FJCCOMMISH closed 2 weeks ago

FJCCOMMISH commented 2 weeks ago

This is the error:

DeepSpeed download failed, errorlevel was 35. There should be an error message above with a code and/or text explanation of the issue. Please note the error code to help with diagnotics.

 1. Internet connection issues/unable to reach GitHub.
 2. Disk space related issues - Check your disk space on this drive.
 3. Permissions issues - Check you have enough rights on this system.
 4. Firewall or proxy settings blocking access to GitHub.
 5. Antivirus or security software interference.
 6. The file may have been moved or deleted from the GitHub repository.
 7. Other issues not mentioned above.

 This is the error text "above".

 curl: (35) schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - The revocation function was unable to check revocation for the certificate.

erew123 commented 2 weeks ago

Hi @FJCCOMMISH

This is more than likely a problem with your machine and Curl or your machine's root certificates. It is NOT related to the behaviour of AllTalk or its installer, it is purely giving CURL a request to download a file from GitHub.

As an example on Windows: Here is the line in the installer: https://github.com/erew123/alltalk_tts/blob/alltalkbeta/atsetup.bat#L519

This is the command: curl -LO https://github.com/erew123/alltalk_tts/releases/download/DeepSpeed-14.0/deepspeed-0.14.0+ce78a63-cp311-cp311-win_amd64.whl which is a simple download this file command using Curl.

Here is the location on Github where it downloads from: https://github.com/erew123/alltalk_tts/releases/tag/DeepSpeed-14.0

You can manually download and install the DeepSpeed wheel file from that location if you wish.

Error details

curl: (35) schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK, is related to a problem with certificate validation.

Explanation of the Error

The error CRYPT_E_NO_REVOCATION_CHECK means that the SSL/TLS certificate revocation check has failed. This usually occurs because:

  1. The system cannot check the certificate's revocation status (whether the certificate has been revoked, by checking both your local machine's certificate store & also an internet Certificate Authority (CA)).
  2. Certificate chain validation issues due to missing or outdated root certificates on the machine.
  3. Machine clock or time sync issues could lead to problems validating certificates against current timestamps.
  4. GitHub's certificates are expired (highly unlikely, but things like this can happen).

Troubleshooting Steps

  1. Check System Clock
    Ensure that the system time, date, and timezone are correctly set. If the time is incorrect, the certificate validation may fail.

  2. Check your system is updated
    e.g. Windows Update or sudo apt or whatever Linux package manager you use. Ensure that your system is updated.

  3. Reinstall curl or install the latest version of curl
    Try updating or reinstalling curl, as sometimes newer versions handle certificates differently: https://curl.se/windows/

  4. Update Root Certificates

    ⚠️ YOU DO THIS AT YOUR OWN RISK. I AM NOT SUPPORTING YOU WITH THIS. ⚠️ ⚠️ PLEASE DO YOUR OWN RESEARCH ON THIS AS THIS IS WELL OUT OF SCOPE FOR SUPPORT⚠️

    Sometimes, outdated root certificates or an incomplete certificate store can lead to this error. To update:

    • On Windows: Run certutil -generateSSTFromWU roots.sst to download the latest certificates, or use Windows Update to ensure you have all the latest certificate updates.
    • On Linux/macOS: Update CA certificates with the following commands:
      sudo apt update && sudo apt install --reinstall ca-certificates   # For Debian/Ubuntu
      sudo update-ca-certificates                                       # For updating the cert store on Debian/Ubuntu

erew123 commented 2 weeks ago

To add to the above and why I say this is an issue with your machine's settings (or internet access)....

Certificate revocation checks are generally handled locally on your machine, but it may involve network communication. It is important that your system's time, date and timezone are correct, as certificates are what are used for the backbone of secure HTTPS/SSL security on the internet and they are time based, so an incorrect system time/date etc. causes issues when checking the certificate's validity.

Here’s how the process works in detail:

  1. Local Certificate Chain Verification
    Your system uses the local certificate store to verify the chain of trust for the certificate. This process happens entirely on your machine and does not require any external communication. If the certificate chain is complete and trusted locally, the next step is to check the revocation status.

  2. Revocation Status Check (CRL or OCSP)
    • CRL (Certificate Revocation List): The system attempts to download a list of revoked certificates from the Certificate Authority (CA) specified in the certificate. This step may involve reaching out to an external server to fetch the latest CRL, so internet access is required.
    • OCSP (Online Certificate Status Protocol): Some systems may use OCSP, which performs a live check with the CA to confirm the certificate’s validity. This check is also done over the internet.

    Whether the system uses CRL or OCSP depends on both the certificate settings and the configuration of your machine. If network access is restricted, or if there's a firewall blocking access to the CA’s revocation servers, these checks might fail.

  3. Local Machine Configuration Issues
    If your machine’s certificate store is outdated or missing entries, the revocation check may fail even with network access. Ensuring that your machine has an up-to-date certificate chain in its certificate store is crucial, and on systems like Windows, it may involve regular updates.

In Summary

Most of the certificate verification process happens locally.

However, the actual revocation check (CRL or OCSP) often requires network access to communicate with the CA’s servers.

If network access is unavailable or restricted, or if there’s a problem with the local certificate configuration, this check can fail, leading to errors like CRYPT_E_NO_REVOCATION_CHECK.
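
The two-stage check described in the comment above (local chain building, then an online CRL/OCSP lookup) can be reproduced outside curl to see which stage fails. This is an added diagnostic example, not part of the original thread or the AllTalk installer; it assumes `github.com:443` is the endpoint curl was contacting and uses the standard .NET `X509Chain` API from PowerShell.

```powershell
# Added diagnostic sketch (not AllTalk code). Windows PowerShell 5.1+ or PowerShell 7.
# Assumption: github.com:443 is the endpoint the failing curl download contacted.
$hostName = 'github.com'
$x509 = 'System.Security.Cryptography.X509Certificates'

# 1. Clock sanity: certificate validity and CRL/OCSP freshness are time-based.
"Local clock (UTC): {0:u}" -f [DateTime]::UtcNow

# 2. Fetch the server's leaf certificate. The callback accepts any certificate
#    ONLY so it can be inspected; no application data is sent on this stream.
$acceptForInspection = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
$tcp = [System.Net.Sockets.TcpClient]::new($hostName, 443)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptForInspection)
    $ssl.AuthenticateAsClient($hostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
    $leaf = New-Object "$x509.X509Certificate2" -ArgumentList $ssl.RemoteCertificate
} finally {
    $tcp.Dispose()
}

# 3. Rebuild the chain with ONLINE revocation checking, i.e. the local store
#    lookup followed by the CRL/OCSP fetch that the error says could not complete.
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode      = 'Online'
$chain.ChainPolicy.RevocationFlag      = 'ExcludeRoot'
$chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
$built = $chain.Build($leaf)
"Chain valid with online revocation check: $built"

# 4. Report per-certificate status flags. Reading them against the causes above:
#    RevocationStatusUnknown / OfflineRevocation -> CRL or OCSP server unreachable
#                                                   (firewall, proxy, no internet)
#    NotTimeValid                                -> wrong system clock or expired cert
#    PartialChain / UntrustedRoot                -> missing or outdated root store
foreach ($element in $chain.ChainElements) {
    $flags = ($element.ChainElementStatus | ForEach-Object Status) -join ', '
    if (-not $flags) { $flags = 'NoError' }
    "{0}`n    NotAfter (UTC): {1:u}`n    Status: {2}" -f `
        $element.Certificate.Subject,
        $element.Certificate.NotAfter.ToUniversalTime(),
        $flags
}
```

A result of `True` with every element at `NoError` means the machine can complete the revocation check itself, which points back at the curl build or a proxy that only affects curl.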

FJCCOMMISH commented 2 weeks ago

Thanks for all the details.

I'm trying a windows update.