Hi Juan, Yes, the 'Curl option' is set, but that does not affect the `curl.exe` program... That will always use "WinSSL" (which means: Secure Channel), i.e. not OpenSSL. The reason is that Git for Windows needs to use a nasty hack to avoid depending on OpenSSL (which I want to limit to `git-remote-https.exe`), for full details see: https://github.com/git-for-windows/git/pull/4410 Ciao, Johannes On Mon, 28 Apr 2025, Junio Luan Pereira wrote: > Hello > The "Curl option" is set to "WinSSL", but the problem persists even > when it is switched to "OpenSSL". To confirm this, I reinstalled Git > using the Windows executable file (without uninstalling it first) and > restarted my laptop. Now the content of "C:\Program > Files\Git\etc\install-options.txt" is as follows: > > Editor Option: Nano > Custom Editor Path: > Default Branch Option: > Path Option: Cmd > SSH Option: OpenSSH > Tortoise Option: false > CURL Option: OpenSSL > CRLF Option: CRLFAlways > Bash Terminal Option: MinTTY > Git Pull Behavior Option: Merge > Use Credential Manager: Enabled > Performance Tweaks FSCache: Enabled > Enable Symlinks: Disabled > Enable FSMonitor: Disabled > > Yet, the issues remained unchanged. > > If this information is helpful to you, my current cURL version is > > $ curl --version > curl 8.12.1 (x86_64-w64-mingw32) libcurl/8.12.1 Schannel zlib/1.3.1 > brotli/1.1.0 zstd/1.5.7 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.1 > Release-Date: 2025-02-13 > Protocols: dict file ftp ftps gopher gophers http https imap imaps > ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps > telnet tftp ws wss > Features: alt-svc AsynchDNS brotli HSTS HTTPS-proxy IDN IPv6 Kerberos > Largefile libz NTLM PSL SPNEGO SSL SSPI threadsafe UnixSockets zstd > > This is why I was unable to use a cURL binary without Schannel. > > Sincerely > > > Em seg., 28 de abr. de 2025 às 08:22, Johannes Schindelin > <Johannes.Schindelin@xxxxxx> escreveu: > > > > Hi Junio, > > > > On Fri, 25 Apr 2025, Junio Luan Pereira wrote: > > > > > I discovered that the problem lies in the schannel feature of the curl > > > binary. More specifically, the problem is not in the curl itself, but > > > in the feature "Safe Web" from Norton Antivirus in my PC that, in some > > > way, blocks any attempt of curl to access sites with a public key > > > validated by "Let's Encrypt". Turning off the Safe Web makes > > > everything work properly. > > > > Interesting. > > > > One last question: do you have OpenSSL or Secure Channel configured as > > your default HTTPS backend? You should be able to see this information in > > C:\Program Files\Git\etc\install-options.txt, under the key "CURL option": > > If it is "WinSSL", you chose Secure Channel, otherwise it is OpenSSL. > > > > Ciao, > > Johannes > > > > > > > > I am no expert, but an AI I used suggested that replacing the curl > > > executable by one without the schannel feature would solve the > > > problem, but I was unable to do this. > > > > > > Based on this, I believe this issue can be considered solved. > > > > > > Sincerely > > > > > > Em qui., 24 de abr. de 2025 às 10:05, Johannes Schindelin > > > <Johannes.Schindelin@xxxxxx> escreveu: > > > > > > > > Hi Junio, > > > > > > > > On Wed, 9 Apr 2025, Junio Luan Pereira wrote: > > > > > > > > > I am using git-for-windows on a windows 11 laptop with the Brazilian > > > > > Portuguese language. > > > > > > > > > > Recently, an error occur every time I execute the git > > > > > update-git-for-windows in the following way: > > > > > > > > > > $ git update-git-for-windows > > > > > curl: (35) schannel: next InitializeSecurityContext failed: > > > > > CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - A fun��o de revoga��o n�o > > > > > p�de verificar a revoga��o do certificado. > > > > > > > > This command is implemented as a Unix shell script: > > > > > > > > https://github.com/git-for-windows/build-extra/blob/HEAD/git-extra/git-update-git-for-windows > > > > > > > > Could you edit (in elevated mode!) the file at > > > > `C:\Program Files\Git\mingw64\bin\git-update-git-for-windows` and add the > > > > `--ssl-revoke-best-effort` option (for a full explanation, see > > > > https://curl.se/docs/manpage.html#--ssl-revoke-best-effort) to the two > > > > `curl` invocations in that script, and then try it again? > > > > > > > > Thank you, > > > > Johannes > > > > > > > > > > > > > > Reinstalling completely the program apparently does not work. > > > > > > > > > > Is this some kind of bug on git-for-windows? Was it reported? Should > > > > > it be reported? > > > > > > > > > > PS: I have no knowledge of programming, developing or debugging git. > > > > > Ask me in case more information is needed. > > > > > > > > > > Sincerely > > > > > > > > > > > > > > >
