CURL SSL certificate varification problem when AVAST HTTPS scanning enabled

General Topics
1

CURL SSL certificate varification problem when AVAST HTTPS scanning enabled

AVAST HTTPS scanning was acting as mitm silently but now causing CURL to fail to varify servers certificates.
CURL was working good with Avast HTTPS scanning enabled, any idea?

CURL error

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Environmet & info

  • OS windows 10
  • CURL was working good with Avast HTTPS scanning enabled.
  • same problem with other websites too, e.g. youtube
  • when “AVAST HTTPS scanning disabled” CURL worked as expected.

cmd VERBOSE Test

curl.exe “https://curl.se/ca/cacert.pem” -o curl-ca-bundle.crt -v

cmd output

  • Connected to curl.se (151.101.193.91) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • CAfile: C:\ProgramData\ca-bundle.crt
  • CApath: none
  • TLSv1.0 (OUT), TLS header, Certificate Status (22):
    } [5 bytes data]
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
    } [512 bytes data]
  • TLSv1.2 (IN), TLS header, Certificate Status (22):
    { [5 bytes data]
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
    { [122 bytes data]
  • TLSv1.2 (IN), TLS header, Finished (20):
    { [5 bytes data]
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
    { [5 bytes data]
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    { [15 bytes data]
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
    { [5 bytes data]
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
    { [964 bytes data]
  • TLSv1.2 (OUT), TLS header, Unknown (21):
    } [5 bytes data]
  • TLSv1.3 (OUT), TLS alert, unknown CA (560):
    } [2 bytes data]
  • SSL certificate problem: unable to get local issuer certificate
    0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
  • Closing connection 0
    curl: (60) SSL certificate problem: unable to get local issuer certificate
    More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

2
  • Which Avast…? (Free/Premium/One)
  • Which version/build of Avast…?
  • OS…? (32/64 Bit…? - which SP/Build…?)
  • Other security related software installed…?
3

The problem raised again but this time it could not be fixed.
Re-installing Avast after uninstalling it with “avastclear.exe” did not fix the problem as before.

AVAST
Avast Free v22.10.6038 (build 22.10.7633.752)

WINDOWS
Edition Windows 10 Pro (64-bit)
Version 21H2
Installed on ‎4/‎10/‎2022
OS build 19044.2130
Experience Windows Feature Experience Pack 120.2212.4180.0

OTHER SECURITY
Windows security (build-in)