How do i get cURL to use https

linux ubuntu curl https

20,541

Solution 1

Your curl version wasn't compiled with SSL support. It's actually a flag that is passed during the config phase:

./configure --with-ssl

The quickest and most complete way is to download the curl sources and compile it yourself with the --with-ssl flag. This will also ensure that your curl and SSL libraries won't be vulnerable to any of the nasty, known vulnerabilities as well. There are workarounds for using insecure versions of SSL but of course that's not recommended.

Solution 2

I still don't know why using Aptitude installs a version without support for HTTPS but building from scratch did the trick:

git clone https://github.com/bagder/curl.git
sudo apt-get build-dep curl
cd curl
./buildconf
./configure
make
sudo make install

Now curl -V yields

Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets

Oh and the reason I needed this in the first place is because NVM gave me N/A when trying to download a version of Node or get a listing of available versions with nvm ls-remote. That was caused by cURL not working for HTTPS requests.

20,541

Author by

Jorma Turkenburg

Updated on September 19, 2020

Comments

Jorma Turkenburg over 3 years
I'm on Ubuntu 14.04.2 LTS. cURL's installed but does not include HTTPS as a protocol that it will use.

For example:
```
curl https://npmjs.org/install.sh | sh
```
gives me this:
```
curl: (1) Protocol https not supported or disabled in libcurl
```
Checking curl -V results in:
```
Protocols: dict file ftp gopher http imap pop3 rtsp smtp telnet tftp
Features: IPv6 Largefile
```
HTTPS is missing from that list... so, how do I install cURL with support for HTTPS?

Oh, and sudo apt-get install curl is what I did to install it in the first place.
Jorma Turkenburg about 9 years

Thx! That's it. Do you know why Aptitude doesn't give me a version with HTTPS?
Max Worg about 9 years

I think it's to bring attention to the security vulnerabilities that have swept the Internet lately (like Heartbleed). SSLv2 has has it's fair share of security issues. Here are some more issues: superuser.com/questions/246074/…. By disabling it it forces the user to compile new with updated libraries so that some of these issues go away.
Max Worg about 9 years

In fact curl has an --insecure flag that you can pass when running it that will force it to use SSLv2 even though it considers v2 as insecure (for good reason). you didn't have to pass the ssl config flags for the latest version because it probably found SSLv3 support on your system and compiled in SSL support for that version. So it's not apt that disables it - it was a choice of curl package maintainers.
rf_wilson over 6 years

This does not work. I get: remote: Repository not found. fatal: repository 'github.com/badger/curl.git' not found
Lars Viklund over 4 years

@rf_wilson This is years old, but note that the user is 'bagder', not 'badger'.
xeruf almost 4 years

sudo apt-get build-dep curl reports 'Unable to find a source package for curl' - why is that even needed?
xeruf almost 4 years

Note that your version of libcurl may be older than the curl version. In that case determine it with apt list --installed libcurl\* and then checkout the respective curl-X_Y_Z tag before building.