Question

How to upgrade cURL in Centos6?

All my droplets run Centos 6, and I use cURL quite widely. However, as I’m updating servers to use HTTPS (and, more importantly, restricting to TLSv1) I’ve hit a problem - the version of cURL installed on them all is prehistoric; it’s so old it doesn’t recognise TLSv1.

From comments on fora, this seems to be common, but a solution isn’t. Yum refuses to see a problem as there evidently isn’t a distro in any of the standard repos more modern that v7.19.7. Attempting to upgrade directly with RPM by pulling down a file from e.g. the city-fan repo fails as it triggers a wave of dependency issues that I’m afraid I have no idea how to solve.

It seems bizarre that there isn’t a Yum repo somewhere which has rolled up a more modern distro with all its dependencies, given how critical SSL security has become to almost all websites and how popular Centos6/RHEL is, but I’m buggered if I can find one.

Does anyone know of a suitable repo? If not, can anyone point me towards any decent advice on solving all the dependency problems (everything I’ve googled seems to end with “…and now rebuild cURL” :/)

Subscribe
Share

I reached out to Paul (the package maintainer) and he came back very quickly with some helpful info to confirm:

First of all, the standard CentOS 6 version of curl/libcurl is recent enough that you won’t need the old compat packages (libcurl7155 etc.).

The easiest way to install the updated curl from my repo is to install my repo release package http://www.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-1-13.rhel6.noarch.rpm

rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-1-13.rhel6.noarch.rpm

and then edit the file /etc/yum.repos.d/city-fan.org.repo to change the line enabled=1 to enabled=0 to prevent pulling in anything from there when you’re not expecting it.

You can then see what would happen if you updated curl from my repo by doing: yum --enablerepo=city-fan.org update curl

At this point you can see what would be installed/removed (I’d expect it to install/update a few libraries as well as curl and libcurl, and not remove anything), and say “yes” or “no” to the update. The updated version of curl should work fine with everything in CentOS 6.

I did exactly this and after restarting Apache I’m pleased to say PHP is also now using the new version.

UPDATE

Surprised there haven’t been any responses, as this is a major issue which will, sooner rather than later, bite everyone running a CentOS 6 webserver.

OK, solution is to found after all in the city-fan repo after all, I had just been a bit more of an idiot than usual when trying to use it earlier… Another point to note is that the University of Seville mirror is a LOT faster and more available than city-fan itself, which is apparently run off somebody’s home ADSL line!

EITHER add the repo setup file manually e.g.

rpm -Uvh http://nervion.us.es/city-fan/yum-repo/rhel6/x86_64/city-fan.org-release-1-13.rhel6.noarch.rpm

(adjusting for your architecture and the release number, if there is a later one)

OR (better solution) add a new text file called /etc/yum.repos.d/city-fan.repo containing

[CityFan]
name=City Fan Repo
baseurl=http://nervion.us.es/city-fan/yum-repo/rhel$releasever/$basearch/
enabled=1
gpgcheck=0

Either way, you should then be good to go :

yum clean all
yum install libcurl 

should update cURL to a (very) recent openSSL-based version (7.46.0 at the time of writing), which will resolve the “unknown protocol” errors for TLSv1 etc.

You may want to then remove/rename the city-fan.repo file if you want to prevent yum later also updating other packages you may have installed with “non-official” later versions.

Hope this helps others who will come in search of the same answers. This is a huge oops by Redhat IMHO - I have no idea why something which has become so crucial to website operation isn’t now included in the official repo.

You beautiful, beautiful man…

Been bashing my head for over a day playing with CA certificates trying to cURL an endpoint. Updated cURL and can now connect successfully.

@edwinsilaen try these settings I just took from one of my servers after following jamie’s post:

cat /etc/yum.repos.d/city-fan.org.repo

[city-fan.org] name=city-fan.org repository for Red Hat Enterprise Linux (and clones) $releasever ($basearch) #baseurl=http://mirror.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basearch mirrorlist=http://mirror.city-fan.org/ftp/contrib/yum-repo/mirrorlist-rhel$releasever enabled=0 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-city-fan.org

worked like a charm.

@pif1709 you did something wrong, “Error: Trying to remove ‘yum’, which is protected” means that you must have ran: #yum remove yum or possibly, you accidentally copied and pasted the command twice and tried running: #yum remove curl yum …

@edwinsilaen try to set repo [city-fan.org] (as you call in in yum command ([root@xxx installs]# yum --enablerepo=city-fan.org update curl) …or try this command: [root@xxx installs]# yum --enablerepo=city-fan update curl

MY PROBLEM IS: how can I downgrade version 7.48 (the latest got from city-fan.org) The base version is 7.19. The cUrl php extension is 4.48 (phpinfo).

‘yum remove curl’ not working ! …see below last lines afer I run remove command: “Error: Trying to remove “yum”, which is protected You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest”.

Give me some hints !

i already did what jamie comment, still can’t upgrade my curl. what could possibly go wrong ?

[root@xxx installs]# yum --enablerepo=city-fan.org update curl Loaded plugins: changelog, product-id, refresh-packagekit, security, subscription-manager, tmprepo, verify Updating certificate-based repositories.

Error getting repository data for city-fan.org, repository not found [root@xxx installs]# cd /etc/yum.repos.d/ [root@xxx yum.repos.d]# ls city-fan.org.repo example.repo redhat.repo rhel-source.repo zend.repo [root@xxx yum.repos.d]# cat city-fan.org.repo [CityFan] name=City Fan Repo baseurl=http://nervion.us.es/city-fan/yum-repo/rhel$releasever/$basearch/ enabled=0 gpgcheck=0

========

and i disabled all other repo as well

Fantastic, Paul’s comments re the compat libs are hugely helpful. Yep, you should be good now.

The packages we are using are all from the CentOS 6 official repos, apart from PHP which we’ve got from Webtatic for later versions. I have no idea if any of the packages require older versions of libcurl to be honest. I’m assuming if I upgrade cURL, it’ll remove the old version and those libraries.

No, they didn’t install as part of the update. I doubt installing them manually would impact on the update though, as they are just libraries - should have no impact on anything, other than to fix broken dependencies. Anyway you only need to install them if you find a broken dependency, which as I said I suspect is unlikely to happen anyway unless you are running some other piece of equally-obsolete software. I certainly haven;'t come across anything which needs them.


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Not sure - looks like you are failing dependency resolution for OpenSSL 1.0.1 but I’m not sure why yum can’t find a repo for that - isn’t it part of the RHEL base? Maybe somebody else can clarify that?

yum install libcurl

—> Package libssh2-devel.x86_64 0:1.8.0-7.0.cf.rhel6 will be installed –> Finished Dependency Resolution Error: Package: libcurl-7.60.0-1.0.cf.rhel6.x86_64 (city-fan.org) Requires: libcrypto.so.10(OPENSSL_1.0.1)(64bit) Error: Package: libcurl-7.60.0-1.0.cf.rhel6.x86_64 (city-fan.org) Requires: libcrypto.so.10(libcrypto.so.10)(64bit) Error: Package: libcurl-7.60.0-1.0.cf.rhel6.x86_64 (city-fan.org) Requires: libssl.so.10(libssl.so.10)(64bit) Error: Package: libssh2-1.8.0-7.0.cf.rhel6.x86_64 (city-fan.org) Requires: libcrypto.so.10(libcrypto.so.10)(64bit) Error: Package: curl-7.60.0-1.0.cf.rhel6.x86_64 (city-fan.org) Requires: libcrypto.so.10(libcrypto.so.10)(64bit)

what’s wrong?

Hello Everyone!!!

Hope someone can help me with my problem. We have a server at godaddy with CentOS 6 and install a SSL Certificate in it, but we start having problems with paypal transactions, and at godaddy recomend to update curl version following a procedure where we download a tar file, after configure and install the webpage with the certificate stop working, cause paypal and mercadopago doesn’t allow transactions without ssl certificate.

At command line we start looking for the problem and when we run #yum check or #yum update it throws the next error.

"# yum check There was a problem importing one of the Python modules required to run yum. The error leading to this problem was:

libssh2.so.1: cannot open shared object file: No such file or directory

Please install a package which provides this module, or verify that the module is installed correctly.

It’s possible that the above module doesn’t match the current version of Python, which is: 2.6.6 (r266:84292, Aug 18 2016, 15:13:37) [GCC 4.4.7 20120313 (Red Hat 4.4.7-17)]

If you cannot solve this problem yourself, please go to the yum faq at: http://yum.baseurl.org/wiki/Faq"

i can’t run yum commands but can install rpm, Any suggestion?

This comment has been deleted

I just wanted to add a huge thank you for posting this! I’ve been racking my brain for a few hours between openssl, PHP and Curl versions to get this to work, and this was all I needed. I agree, this is a HUGE issue with RH/CentOS not updating Curl. So thanks again for a perfect solution to this problem.

Just glad this is helping people, having had to fight my way through it myself!

I am still astonished this hasn’t blown up into a much more widely-discussed issue, as it must be breaking enormous numbers of SSL endpoints by now (Paypal merchant sites alone must be hitting this in huge numbers by now, for goodness sake, but payment providers still don’t seem to be offering anything in the way of help or advice).

I also can’t understand why Redhat still aren’t coming to the party, as this effectively beaks every v6 installation on the planet which relies on SSL. Ah well, 'tis a strange world…