How do i get cURL to use https
Solution 1
Your curl version wasn't compiled with SSL support. It's actually a flag that is passed during the config phase:
./configure --with-ssl
The quickest and most complete way is to download the curl sources and compile it yourself with the --with-ssl
flag. This will also ensure that your curl and SSL libraries won't be vulnerable to any of the nasty, known vulnerabilities as well. There are workarounds for using insecure versions of SSL but of course that's not recommended.
Solution 2
I still don't know why using Aptitude installs a version without support for HTTPS but building from scratch did the trick:
git clone https://github.com/bagder/curl.git
sudo apt-get build-dep curl
cd curl
./buildconf
./configure
make
sudo make install
Now curl -V
yields
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets
Oh and the reason I needed this in the first place is because NVM gave me N/A when trying to download a version of Node or get a listing of available versions with nvm ls-remote. That was caused by cURL not working for HTTPS requests.
Jorma Turkenburg
Updated on September 19, 2020Comments
-
Jorma Turkenburg over 3 years
I'm on Ubuntu 14.04.2 LTS. cURL's installed but does not include HTTPS as a protocol that it will use.
For example:
curl https://npmjs.org/install.sh | sh
gives me this:
curl: (1) Protocol https not supported or disabled in libcurl
Checking curl -V results in:
Protocols: dict file ftp gopher http imap pop3 rtsp smtp telnet tftp Features: IPv6 Largefile
HTTPS is missing from that list... so, how do I install cURL with support for HTTPS?
Oh, and
sudo apt-get install curl
is what I did to install it in the first place. -
Jorma Turkenburg about 9 yearsThx! That's it. Do you know why Aptitude doesn't give me a version with HTTPS?
-
Max Worg about 9 yearsI think it's to bring attention to the security vulnerabilities that have swept the Internet lately (like Heartbleed). SSLv2 has has it's fair share of security issues. Here are some more issues: superuser.com/questions/246074/…. By disabling it it forces the user to compile new with updated libraries so that some of these issues go away.
-
Max Worg about 9 yearsIn fact curl has an
--insecure
flag that you can pass when running it that will force it to use SSLv2 even though it considers v2 as insecure (for good reason). you didn't have to pass the ssl config flags for the latest version because it probably found SSLv3 support on your system and compiled in SSL support for that version. So it's not apt that disables it - it was a choice of curl package maintainers. -
rf_wilson over 6 yearsThis does not work. I get: remote: Repository not found. fatal: repository 'github.com/badger/curl.git' not found
-
Lars Viklund over 4 years@rf_wilson This is years old, but note that the user is 'bagder', not 'badger'.
-
xeruf almost 4 years
sudo apt-get build-dep curl
reports 'Unable to find a source package for curl' - why is that even needed? -
xeruf almost 4 yearsNote that your version of libcurl may be older than the curl version. In that case determine it with
apt list --installed libcurl\*
and then checkout the respectivecurl-X_Y_Z
tag before building.