Windows local certificate revocation block

Issue abstract: can’t verify local certificate TLS/SSL, blocking curl

Detailed description:
My work usually uses curl to get some packages or anything I need. I encountered a TLS/SSL local certificate validation that was blocked. I tried to fix the issue with some steps and still had the issue until I uninstalled Norton; then it worked normally as before. I tried changing the firewall before uninstalling it but still had the issue. So if there is some way to solve this other than uninstalling the program, it would be a help.

Product & version number: Norton 360 For Gamers …

OS details: Windows 11

What is the error message you are seeing? : no error from norton

If you have any supporting screenshots, please add them:

@Rizki_Akbar Please share a screenshot of the error you are seeing and/or anything you have in your Norton history regarding the blockage. If nothing shows in Norton history Norton most likely isn’t doing the blocking.

Have you viewed the Windows Event Viewer to gather anything from there that suggests what Windows is or isn’t doing regarding this? Also what version TLS is installed?

Not knowing what steps you have taken please review these Microsoft forums posts for some suggestions:

As CURL uses several transfer protocol types, that is the most likely reasoning for Norton nailing it. CURL can also be used for hacking purposes regarding APIs. I don’t think Norton would ever consider NOT protecting the everyday user from that prospect just to use their products, nor would any other legit security software. Norton support may offer you a different perspective when asked.

SA

I’ve solved this curl block. It is your “Safe Web” feature that blocks all curl attempts, whether for development package dependency installation or any normal curl testing on my personal website. When I turn it off, everything runs normally without problems. Please rework this “Safe Web” feature in a future update.

Care to share the URL for your website for testing on my side? I will post results here for everyone to review.

SA

I tried sending some screenshots before, but it showed that only one is allowed for a new user. I sent it anyway, and it is still waiting for approval, so it’s okay, I’ll copy it here. I tested using google () com and upquality () net. I use composer and others like npm too. Below is when it is still on.
*** I don’t insert the full link because it keeps returning an error ***
___ text no link ( curl -v google () com )

  • Host google()com:443 was resolved.
  • IPv6: (none)
  • IPv4: 142.250.4.139, 142.250.4.138, 142.250.4.101, 142.250.4.102, 142.250.4.100, 142.250.4.113
  • Trying 142.250.4.139:443…
  • schannel: disabled automatic use of client certificate
  • ALPN: curl offers http/1.1
  • schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - The revocation function was unable to check revocation for the certificate.
  • closing connection #0
curl: (35) schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - The revocation function was unable to check revocation for the certificate.

____ text no link ( curl -v upquality () net )

  • Host upquality()net:443 was resolved.
  • IPv6: (none)
  • IPv4: 104.21.55.33, 172.67.144.104
  • Trying 104.21.55.33:443…
  • schannel: disabled automatic use of client certificate
  • ALPN: curl offers http/1.1
  • schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - The revocation function was unable to check revocation for the certificate.
  • closing connection #0
curl: (35) schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - The revocation function was unable to check revocation for the certificate.



Then when I set it off
_________ text no link (curl -v google()com)

  • Host google()com:443 was resolved.
  • IPv6: (none)
  • IPv4: 142.250.4.139, 142.250.4.138, 142.250.4.101, 142.250.4.102, 142.250.4.100, 142.250.4.113
  • Trying 142.250.4.139:443…
  • schannel: disabled automatic use of client certificate
  • ALPN: curl offers http/1.1
  • ALPN: server accepted http/1.1
  • Connected to google()com (142.250.4.139) port 443
  • using HTTP/1.x

GET / HTTP/1.1
Host: google()com
User-Agent: curl/8.10.1
Accept: */*

  • Request completely sent off
  • schannel: remote party requests renegotiation
  • schannel: renegotiating SSL/TLS connection
  • schannel: SSL/TLS connection renegotiated
    < HTTP/1.1 301 Moved Permanently
    ##############
  • Connection #0 to host google()com left intact
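
A triage helper for logs like the ones pasted above, as an added example that is not part of the original thread: it splits `curl -v` output into transfers and separates "revocation could not be checked" (the 0x80092012 seen here) from an actually revoked certificate. The sample hosts and addresses are constructed placeholders, and the two extra HRESULT values are standard Windows CryptoAPI codes, not values from the thread.

```python
import re

# Windows CryptoAPI revocation results that Schannel reports through curl.
REVOCATION_CODES = {
    0x80092010: ("CRYPT_E_REVOKED", "revoked"),
    0x80092012: ("CRYPT_E_NO_REVOCATION_CHECK", "revocation-unchecked"),
    0x80092013: ("CRYPT_E_REVOCATION_OFFLINE", "revocation-unchecked"),
}
HOST_RE = re.compile(r"Host (\S+):\d+ was resolved")
TRY_RE = re.compile(r"Trying (\S+):\d+")
FAIL_RE = re.compile(r"curl: \((\d+)\) schannel: .*?\(0x([0-9A-Fa-f]{8})\)")

# Constructed sample: placeholder hosts and documentation-range addresses.
SAMPLE_LOG = """\
  • Host blocked.example.test:443 was resolved.
  • Trying 192.0.2.10:443…
  • schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - The revocation function was unable to check revocation for the certificate.
curl: (35) schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - The revocation function was unable to check revocation for the certificate.
* Host ok.example.test:443 was resolved.
* Trying 192.0.2.20:443...
* ALPN: server accepted http/1.1
* Connected to ok.example.test (192.0.2.20) port 443
"""


def triage(verbose_log):
    """Split a pasted `curl -v` log into transfers and classify each one."""
    results, cur = [], None
    for line in verbose_log.splitlines():
        # search(), not match(): skips curl's "* " prefix or a forum bullet.
        if m := HOST_RE.search(line):
            cur = {"host": m.group(1), "ip": None, "curl_exit": 0,
                   "error": None, "verdict": "incomplete"}
            results.append(cur)
        elif cur is None:
            continue
        elif m := TRY_RE.search(line):
            cur["ip"] = m.group(1)
        elif "Connected to " in line:
            cur["verdict"] = "ok"
        elif m := FAIL_RE.search(line):
            code = int(m.group(2), 16)
            name, verdict = REVOCATION_CODES.get(code, (hex(code), "tls-failure"))
            cur.update(curl_exit=int(m.group(1)), error=name, verdict=verdict)
    return results

if __name__ == "__main__":
    for transfer in triage(SAMPLE_LOG):
        print(transfer)
```
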

This sounds as though you are using a “self-signed” certificate for the path. Please review the linked article for some thoughts about what others are seeing.

SA

Thanks for your suggested solution, but I already read it before and it’s a terrible solution.
Usually I don’t use the curl command itself manually to do any of my work. I ran the curl commands above just for testing and to get more information about what error happened. Usually I just use composer install or any of the composer package commands, and npm install and all of its commands. They download all the packages I need over curl. Instead of using the curl command manually with --ssl-no-revoke every time,
just turning off Safe Web makes it work every time. I don’t know about a “Self-Signed” certificate here, because I didn’t even change any setting before I got this problem; I just left the Windows default settings. I will write down here what I wrote in the awaiting-approval message I sent before:


I use the general TLS 1.2 and TLS 1.3 settings from Windows. The error occurs in the inability to check the Windows schannel. I have tried several settings steps, such as renewing the Windows CA certificate, using OpenSSL curl, changing the Windows registry, turning off the proxy, and turning off the server certificate and issuer certificate checking. The result is still a failure to check the Windows local certificate.

That’s what I’ve done, until I found out that besides uninstalling Norton I can just turn off “Safe Web”.

Thanks

The schannel issue is appearing because Curl refuses to use a “client certificate” in its path for Root Certificate. Disable Safe Web as you suggested and see if the issue persists.

SA