Author Topic: CURL SSL certificate varification problem when AVAST HTTPS scanning enabled (Read 2838 times)

info109 · « **on:** May 15, 2022, 09:57:15 AM »

CURL SSL certificate varification problem when AVAST HTTPS scanning enabled

AVAST HTTPS scanning was acting as mitm silently but now causing CURL to fail to varify servers certificates.
CURL was working good with Avast HTTPS scanning enabled, any idea?

CURL error
===========
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Environmet & info
==================
- OS windows 10
- CURL was working good with Avast HTTPS scanning enabled.
- same problem with other websites too, e.g. youtube
- when "AVAST HTTPS scanning disabled" CURL worked as expected.

cmd VERBOSE Test
================

curl.exe "https://curl.se/ca/cacert.pem" -o curl-ca-bundle.crt -v

cmd output
==========
* Connected to curl.se (151.101.193.91) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: C:\ProgramData\ca-bundle.crt
* CApath: none
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.2 (IN), TLS header, Finished (20):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (

:
{ [15 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [964 bytes data]
* TLSv1.2 (OUT), TLS header, Unknown (21):
} [5 bytes data]
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
} [2 bytes data]
* SSL certificate problem: unable to get local issuer certificate
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Asyn · « **Reply #1 on:** May 15, 2022, 10:21:31 AM »

- Which Avast..? (Free/Premium/One)
- Which version/build of Avast..?
- OS..? (32/64 Bit..? - which SP/Build..?)
- Other security related software installed..?

info109 · « **Reply #2 on:** October 31, 2022, 12:58:38 PM »

The problem raised again but this time it could not be fixed.
Re-installing Avast after uninstalling it with "avastclear.exe" did not fix the problem as before.

AVAST
Avast Free v22.10.6038 (build 22.10.7633.752)

WINDOWS
Edition   Windows 10 Pro (64-bit)
Version   21H2
Installed on   ‎4/‎10/‎2022
OS build   19044.2130
Experience   Windows Feature Experience Pack 120.2212.4180.0

OTHER SECURITY
Windows security (build-in)

Author Topic: CURL SSL certificate varification problem when AVAST HTTPS scanning enabled (Read 2838 times)

info109

CURL SSL certificate varification problem when AVAST HTTPS scanning enabled

Asyn

Re: CURL SSL certificate varification problem when AVAST HTTPS scanning enabled

info109

Re: CURL SSL certificate varification problem when AVAST HTTPS scanning enabled