libcurl CentOS build script - https://github.com/probonopd/AppImages/issues/187

build-libcurl.sh

#!/bin/sh
# build on CentOS 6.9 (64 bit)
# https://github.com/probonopd/AppImages/issues/187
# https://github.com/TheAssassin/zsync2/issues/4
# https://launchpad.net/~djcj/+archive/ubuntu/libcurl-slim
set -e
set -x

# https://github.com/mxe/mxe/blob/master/src/curl.mk
version=$(wget -q -O- 'https://curl.haxx.se/download/?C=M;O=D' | \
  sed -n 's,.*curl-\([0-9][^"]*\)\.tar.*,\1,p' | head -1)

mbed_version="2.6.0"

wget -c "https://curl.haxx.se/download/curl-${version}.tar.bz2"
wget -c "https://tls.mbed.org/download/mbedtls-${mbed_version}-apache.tgz"

rm -rf curl-${version}
tar xf curl-${version}.tar.bz2
cd curl-${version}
patch -p1 < ../curl-ssl-searchpaths.patch

tar xf ../mbedtls-${mbed_version}-apache.tgz
cd mbedtls-${mbed_version}
make -j`nproc` CFLAGS="-O3 -fstack-protector -fPIC -DPIC"
make install DESTDIR="$PWD/tmp_x86_64"
make clean
make -j`nproc` CFLAGS="-m32 -O3 -fstack-protector -fPIC -DPIC" LDFLAGS="-m32"
make install DESTDIR="$PWD/tmp_i686"
cd ..

sed -i 's|FLAVOUR@4|FLAVOUR@3|' lib/libcurl.vers.in

CFLAGS="-O3 -fstack-protector" LDFLAGS="-Wl,--as-needed -Wl,-z,relro" \
./configure --enable-optimize --disable-debug --enable-shared --disable-static \
    --without-ssl --with-mbedtls="$PWD/mbedtls-${mbed_version}/tmp_x86_64"
make -j`nproc`
libcurl=$(readlink lib/.libs/libcurl.so)
cp src/.libs/curl ../curl.x86_64
cp lib/.libs/$libcurl ../${libcurl}.x86_64
make clean

CFLAGS="-m32 -O3 -fstack-protector" LDFLAGS="-m32 -Wl,--as-needed -Wl,-z,relro" \
./configure --enable-optimize --disable-debug --enable-shared --disable-static --host=i686-pc-linux-gnu \
    --without-ssl --with-mbedtls="$PWD/mbedtls-${mbed_version}/tmp_i686"
make -j`nproc`
cp src/.libs/curl ../curl.i686
cp lib/.libs/$libcurl ../${libcurl}.i686
cd ..

strip libcurl.so.* curl.i686 curl.x86_64

set +x

file curl.i686
file curl.x86_64
file ${libcurl}.i686
file ${libcurl}.x86_64

for bin in curl.i686 curl.x86_64 ${libcurl}.i686 ${libcurl}.x86_64 ; do
  glibc=$(objdump -t $bin | sed -n 's/.*@@GLIBC_//p' | grep -e '^[0-9]' | cut -d ' ' -f1 | tr -d ')' | sort -uV | tail -1)
  if [ -z "$glibc" ]; then
    glibc=$(objdump -T $bin | sed -n 's/.*GLIBC_//p' | grep -e '^[0-9]' | cut -d ' ' -f1 | tr -d ')' | sort -uV | tail -1)
  fi
  echo "$bin: GLIBC $glibc"
done

curl-ssl-searchpaths.patch

--- a/lib/url.c
+++ b/lib/url.c
@@ -589,6 +589,44 @@
   set->socks5_gssapi_nec = FALSE;
 #endif
 
+#define SET_CA_BUNDLE(path) \
+{ \
+  setstropt(&set->str[STRING_SSL_CAFILE_ORIG], path); \
+  if(result) \
+    return result; \
+  result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], path); \
+  if(result) \
+    return result; \
+}
+
+#define CURL_CA_BUNDLE_SEARCHPATHS "/etc/ssl/ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt:/etc/ssl/cert.pem:/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/cert.pem:/etc/pki/tls/cacert.pem:/usr/local/share/certs/ca-root-nss.crt"
+#if defined(CURL_CA_BUNDLE_SEARCHPATHS)
+#if defined(CURL_CA_BUNDLE)
+#undef CURL_CA_BUNDLE
+#endif
+  {
+    char delim[2];
+    char *searchpaths;
+    char *path;
+    strcpy(delim, ":");
+    searchpaths = strdup(CURL_CA_BUNDLE_SEARCHPATHS);
+    if (getenv("CURLOPT_VERBOSE")) fprintf(stderr, "*** testing CA certificate search paths: %s ***\n", searchpaths);
+    path = strtok(searchpaths, delim);
+    while (path != NULL) {
+      if (getenv("CURLOPT_VERBOSE")) fprintf(stderr, "*** checking path: %s ***\n", path);
+      if (access(path, F_OK) != -1) {
+        FILE *f = fopen(path, "r");
+        fseek(f, 0, SEEK_END);
+        if (ftell(f) > 0) {
+          if (getenv("CURLOPT_VERBOSE")) fprintf(stderr, "*** using path: %s ***\n", path);
+          SET_CA_BUNDLE(path);
+          break;
+        }
+      }
+      path = strtok(NULL, delim);
+    }
+  }
+#endif
   /* This is our preferred CA cert bundle/path since install time */
 #if defined(CURL_CA_BUNDLE)
   result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE);