Why does calling HEAD on this URL prevent the following error: ERROR: Message: SSL peer certificate or SSH remote key was not OK

Question

This is an issue I'm having with a specific package but it looks like the software is using a version of CURL for windows or something. I want to understand this specific behavior because it doesnt make sense to me.

Im using this software which is a custom distro of clamav for windows: https://oss.netfarm.it/clamav/

Specifically this version: https://oss.netfarm.it/clamav/files/clamav-x64-0.102.1.7z

I call an exe in that package: & 'c:\clamav\freshclam.exe' And I get the following error:

Trying again in 5 secs...
daily database available for download (remote version: 25759)
ERROR: Download failed (60) ERROR:  Message: SSL peer certificate or SSH remote key was not OK
ERROR: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Giving up on https://database.clamav.net...
ERROR: Update failed for database: daily
WARNING: fc_update_databases: fc_update_database failed: Connection failed (5)
ERROR: Database update process failed: Connection failed (5)
ERROR: Update failed.

Dont get it because I can access that URL without issue. I then found if I run HEAD against that URL first before running the exe it works:

Invoke-WebRequest -Uri 'https://database.clamav.net/daily.cvd' -Method HEAD
# Now this will work
& 'c:\clamav\freshclam.exe'

I think they might have implemented curl libs wrong or something? I dont understand what could even cause this. Does invoke-webquest fetch and cache certs but curl (or the apps use of it) does not do that?

Answer 1

You have to update the SSL certificates:

apt install ca-certificates
update-ca-certificates

Answer 2

Yes, i'am! I have 8 installs where clamav is working like a charm and one throwing this message:SSL peer certificate or SSH remote key was not OK