Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save thenoseman/dfbea01a3763cc85e7a3c85b46582deb to your computer and use it in GitHub Desktop.
Save thenoseman/dfbea01a3763cc85e7a3c85b46582deb to your computer and use it in GitHub Desktop.

Installing libcurl with Updated OpenSSL Support

If your Linux distribution is so out of date that you can no longer install updated patches, you'll typically need to either reach for an unsupported package or install the software via source. Additionally, I didn't want to interfere with installed software in fear of rendering the system unusable.

Become Root and Grab Tarballs

You're going to be installing stuff that requires root access, so it's easier to just be able to do it when you want without having to worry about using sudo and permissions. Be careful you don't delete anything you can't recover

$ sudo su - 
# mkdir -p /usr/local/src && cd /usr/local/src

Grab packages via cURL if possible (if the system version is too out of date, this may fail). If not, just download to your local machine and SCP up to your target host.

# curl https://www.openssl.org/source/openssl-1.1.0c.tar.gz -o openssl-1.1.0c.tar.gz
# curl https://curl.haxx.se/download/curl-7.52.1.tar.gz -o curl-7.52.1.tar.gz

# tar xzf openssl-1.1.0c.tar.gz
# tar xzf curl-7.52.1.tar.gz

Install OpenSSL

Configure the path so as to not interfere with the currently installed OpenSSL package:

# cd /usr/local/src/openssl-1.1.0c
# ./config --prefix=/usr/local/openssl-1.1.0c --openssldir=/usr/local/openssl-1.1.0c
# make && make install

Once installed, ensure that the shared library it builds is available via ldconfig by adding it to the configuration search path:

# echo /usr/local/openssl-1.1.0c/lib >> /etc/ld.so.conf.d/ssl.conf

Run ldconfig to update the cache:

# ldconfig 

You can verify what shared libraries are available by using the -p flag:

# ldconfig -p | grep ssl
	libssl.so.1.1 (libc6,x86-64) => /usr/local/openssl-1.1.0c/lib/libssl.so.1.1
	libssl.so.1.0.0 (libc6,x86-64) => /lib/x86_64-linux-gnu/libssl.so.1.0.0
	libssl.so.1.0.0 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
	libssl.so (libc6,x86-64) => /usr/local/openssl-1.1.0c/lib/libssl.so
	libssl.so (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libssl.so
	libgnutls-openssl.so.26 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libgnutls-openssl.so.26
	libgnutls-openssl.so (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libgnutls-openssl.so
	libcrypto.so.1.1 (libc6,x86-64) => /usr/local/openssl-1.1.0c/lib/libcrypto.so.1.1
	libcrypto.so (libc6,x86-64) => /usr/local/openssl-1.1.0c/lib/libcrypto.so

Install cURL

Again, this should be installed so as not to interfere with the existing cURL:

# cd /usr/local/src/curl-7.52.1
# ./configure --prefix=/usr/local/curl/7.52.1 --with-ssl=/usr/local/openssl-1.1.0.c
# make && make install

In addition to installing an updated binary, this will install the shared libcurl library in /usr/local/curl/7.52.1/lib. Additionally, it will install the curl-config binary that is used by curb to determine the correct build flags when installing the C extension.

Install Curb

The Curb gem provides cURL bindings for Ruby that we will use instead of the native standard library support for SSL. Looking at the contents of the included extconf.rb file, we can see that the curl-config program is used to figure out the build flags:

if find_executable('curl-config')
  $CFLAGS << " #{`curl-config --cflags`.strip} -g"
  if ENV['STATIC_BUILD']
    $LIBS << " #{`curl-config --static-libs`.strip}"
  else
    $LIBS << " #{`curl-config --libs`.strip}"
  end
  ...
end

Since there are multiple versions of cURL and libcurl on our system, we need to ensure that the correct version is used. To do this, I:

  1. Alter the PATH environment variable to ensure that our newly-installed curl-config program is found first
  2. Provide the STATIC_BUILD environment variable to statically link curb against the new libcurl library

If not built statically, Curb will load libcurl dynamically at runtime and will use the old libcurl version (that we're trying to replace).

$ PATH=/usr/local/curl/7.52.1/bin:/usr/bin:/bin STATIC_BUILD=1 /usr/local/bin/gem install curb \
    -v 0.9.3 \
    --install-dir=/path/to/gem/installation/directory
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment