Avast WebShield + cURL SSL Revokation Exception

Good day,

Enabling Avast Antivirus’ WebShield and then attempting to use the built-in cURL for Windows always results in the following error:

curl: (35) schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - The revocation function was unable to check revocation for the certificate.

The obvious workaround is using the --ssl-no-revoke flag, but this doesnt work for software like git for Windows which relies on cURL for software-updates, forcing me to disable my AV’s WebShield for updates.

This has been a well-known problem for quite some time, any plan on fixing it?

And I have this BIG PROBLEM for all my developer products. HORROR
Please how to FIX IT.

Code error sample:
PHP Fatal error: Uncaught GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://api.coingecko.com/api/v3/simple/price?ids=moviebloc&vs_currencies=usd in D:\BipBip\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php:276
Stack trace:
#0 D:\BipBip\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php(205): GuzzleHttp\Handler\CurlFactory::createRejection(Object(GuzzleHttp\Handler\EasyHandle), Array)
#1 D:\BipBip\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php(157): GuzzleHttp\Handler\CurlFactory::finishError(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))
#2 D:\BipBip\vendor\guzzlehttp\guzzle\src\Handler\CurlHandler.php(47): GuzzleHttp\Handler\CurlFactory::finish(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))
#3 D:\BipBip\vendor\guzzlehttp\guzzle\src\Handler\Proxy.php(28): GuzzleHttp\Handler\CurlHandler->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#4 D:\BipBip\vendor\guzzlehttp\guzzle\src\Handler\Proxy.php(48): GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#5 D:\BipBip\vendor\guzzlehttp\guzzle\src\PrepareBodyMiddleware.php(35): GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#6 D:\BipBip\vendor\guzzlehttp\guzzle\src\Middleware.php(31): GuzzleHttp\PrepareBodyMiddleware->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#7 D:\BipBip\vendor\guzzlehttp\guzzle\src\RedirectMiddleware.php(71): GuzzleHttp\Middleware::GuzzleHttp{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#8 D:\BipBip\vendor\guzzlehttp\guzzle\src\Middleware.php(66): GuzzleHttp\RedirectMiddleware->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#9 D:\BipBip\vendor\guzzlehttp\guzzle\src\HandlerStack.php(75): GuzzleHttp\Middleware::GuzzleHttp{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#10 D:\BipBip\vendor\guzzlehttp\guzzle\src\Client.php(333): GuzzleHttp\HandlerStack->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#11 D:\BipBip\vendor\guzzlehttp\guzzle\src\Client.php(169): GuzzleHttp\Client->transfer(Object(GuzzleHttp\Psr7\Request), Array)
#12 D:\BipBip\vendor\guzzlehttp\guzzle\src\Client.php(189): GuzzleHttp\Client->requestAsync(‘GET’, Object(GuzzleHttp\Psr7\Uri), Array)
#13 D:\BipBip\vendor\codenix-sv\coingecko-api\src\Api\Api.php(35): GuzzleHttp\Client->request(‘GET’, ‘/api/v3/simple/…’, Array)
#14 D:\BipBip\vendor\codenix-sv\coingecko-api\src\Api\Simple.php(23): Codenixsv\CoinGeckoApi\Api\Api->get(‘/simple/price’, Array)
#15 D:\BipBip\geteuro.php(192): Codenixsv\CoinGeckoApi\Api\Simple->getPrice(‘moviebloc’, ‘usd’)
#16 D:\BipBip\getmbl.php(74): getCoinGeckoAPI(‘moviebloc’)
#17 {main}
thrown in D:\BipBip\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php on line 276

Confirmed here. Hopefully some Avast team member taking a look into this…

This is rather annoying. And Git for Windows is going to default to using SChannel in the next version for new installs. Which will cause this to happen for all interactions with Git over HTTPS.

A workaround for now is to: echo ssl-no-revoke >> ~\.curlrc in pwsh (PowerShell 7) (Or any config path that cURL reads), to disable SChannel revocation checking, but this is less secure and it is better that such revocation checks will work with Avast properly.

I’m not sure if annoying from Avast is actually monitoring this forum though. Possibly only paid customer support gets any attention nowadays.