Curl Update
Aus HS Syswiki
(Unterschied zwischen Versionen)
Mrh (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „There's an issue when e.g. updating Joomla Plugins, curl cannot verify peer certificate because of an outdated CA Bundle. To resolve and have an up-to-date CA…“) |
|||
| (10 dazwischenliegende Versionen von einem Benutzer werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| − | There's an issue when e.g. updating Joomla Plugins, curl cannot verify peer certificate because of an outdated CA Bundle. | + | There's an issue when e.g. updating Joomla Plugins, curl cannot verify peer certificate because of an outdated CA Bundle. See here: https://github.com/joomla-extensions/weblinks/issues/79 |
| − | To resolve and have an up-to-date CA-Certificate Bundle (and CURL library), it's necessary to update the Curl package. This can be done like this: | + | To resolve this and have an up-to-date CA-Certificate Bundle (and CURL library), it's necessary to update the Curl package. This can be done like this: |
| − | Copy the following RPMS to the | + | == Prerequisites == |
| + | |||
| + | OpenSSL Update must be done before as described here: | ||
| + | http://syswiki.internet-license.net/index.php?title=Openssl_patch | ||
| + | |||
| + | Package "customopenssl" must be isntalled. Check with: | ||
| + | rpm -qa customopenssl | ||
| + | |||
| + | == Update == | ||
| + | Copy the following RPMS to the server: | ||
<pre> | <pre> | ||
| − | libcurl4-7.44.0-1.1.x86_64.rpm | + | scp libcurl4-7.44.0-1.1.x86_64.rpm tuxNN:/usr/local/src/rpm/openssl_upgrade |
| − | curl-7.44.0-1.1.x86_64.rpm | + | scp curl-7.44.0-1.1.x86_64.rpm tuxNN:/usr/local/src/rpm/openssl_upgrade |
| − | curl-ca-bundle-7.44.0-1.1.x86_64.rpm | + | scp curl-ca-bundle-7.44.0-1.1.x86_64.rpm tuxNN:/usr/local/src/rpm/openssl_upgrade |
</pre> | </pre> | ||
(only updating the ca bundle would not help because current curl cannot cope with hashing algorithms within the new bundle) | (only updating the ca bundle would not help because current curl cannot cope with hashing algorithms within the new bundle) | ||
| Zeile 13: | Zeile 22: | ||
Then update packages on the server: | Then update packages on the server: | ||
<pre> | <pre> | ||
| + | cd /usr/local/src/rpm/openssl_upgrade | ||
rpm -Uvh libcurl4-7.44.0-1.1.x86_64.rpm curl-7.44.0-1.1.x86_64.rpm curl-ca-bundle-7.44.0-1.1.x86_64.rpm | rpm -Uvh libcurl4-7.44.0-1.1.x86_64.rpm curl-7.44.0-1.1.x86_64.rpm curl-ca-bundle-7.44.0-1.1.x86_64.rpm | ||
</pre> | </pre> | ||
| + | == Testen == | ||
| + | Zuerst in der aktuellen shell ebenfalls die Pfade für die Shared Libraries zu aktualisieren: | ||
| + | /sbin/ldconfig | ||
| + | Danach auf github verbinden (hat ein neues CA Zertifikat, welches nur im neuen ca-bundle enthalten ist): | ||
| + | curl https://github.com/ | ||
| + | |||
| + | |||
| + | |||
| + | == Curl fix (26.04.2016) == | ||
| + | curl fix for shared libraries / mismatch with libcurl | ||
| + | |||
| + | <pre> | ||
| + | tux313:/usr/local/lib64 # ldconfig /usr/local/lib64 | ||
| + | tux313:/usr/local/lib64 # ldconfig -v -p |grep -i curl | ||
| + | libcurl.so.4 (libc6,x86-64) => /usr/local/lib64/libcurl.so.4 | ||
| + | libcurl.so.4 (libc6,x86-64) => /usr/lib64/libcurl.so.4 | ||
| + | tux313:/usr/local/lib64 # curl -V | ||
| + | curl 7.44.0 (x86_64-unknown-linux-gnu) libcurl/7.44.0 OpenSSL/1.0.1j zlib/1.2.3 libidn/1.0 | ||
| + | Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp | ||
| + | Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets | ||
| + | </pre> | ||
[[Category:ServerAdmin]] | [[Category:ServerAdmin]] | ||
Aktuelle Version vom 26. April 2016, 13:10 Uhr
There's an issue when e.g. updating Joomla Plugins, curl cannot verify peer certificate because of an outdated CA Bundle. See here: https://github.com/joomla-extensions/weblinks/issues/79
To resolve this and have an up-to-date CA-Certificate Bundle (and CURL library), it's necessary to update the Curl package. This can be done like this:
Inhaltsverzeichnis |
[Bearbeiten] Prerequisites
OpenSSL Update must be done before as described here: http://syswiki.internet-license.net/index.php?title=Openssl_patch
Package "customopenssl" must be isntalled. Check with:
rpm -qa customopenssl
[Bearbeiten] Update
Copy the following RPMS to the server:
scp libcurl4-7.44.0-1.1.x86_64.rpm tuxNN:/usr/local/src/rpm/openssl_upgrade scp curl-7.44.0-1.1.x86_64.rpm tuxNN:/usr/local/src/rpm/openssl_upgrade scp curl-ca-bundle-7.44.0-1.1.x86_64.rpm tuxNN:/usr/local/src/rpm/openssl_upgrade
(only updating the ca bundle would not help because current curl cannot cope with hashing algorithms within the new bundle)
Then update packages on the server:
cd /usr/local/src/rpm/openssl_upgrade rpm -Uvh libcurl4-7.44.0-1.1.x86_64.rpm curl-7.44.0-1.1.x86_64.rpm curl-ca-bundle-7.44.0-1.1.x86_64.rpm
[Bearbeiten] Testen
Zuerst in der aktuellen shell ebenfalls die Pfade für die Shared Libraries zu aktualisieren:
/sbin/ldconfig
Danach auf github verbinden (hat ein neues CA Zertifikat, welches nur im neuen ca-bundle enthalten ist):
curl https://github.com/
[Bearbeiten] Curl fix (26.04.2016)
curl fix for shared libraries / mismatch with libcurl
tux313:/usr/local/lib64 # ldconfig /usr/local/lib64
tux313:/usr/local/lib64 # ldconfig -v -p |grep -i curl
libcurl.so.4 (libc6,x86-64) => /usr/local/lib64/libcurl.so.4
libcurl.so.4 (libc6,x86-64) => /usr/lib64/libcurl.so.4
tux313:/usr/local/lib64 # curl -V
curl 7.44.0 (x86_64-unknown-linux-gnu) libcurl/7.44.0 OpenSSL/1.0.1j zlib/1.2.3 libidn/1.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets
