How to change libcurl SSL backend from gnutls to openssl on Ubuntu server
Solution 1
The -dev
packages are the development packages, they contain the library headers, used to develop and compile programs that use the library. They're usually not required by application binary packages (which are already compiled). Installing libcurl4-openssl-dev
isn't enough to make the binary packages that have been built against libcurl3-gnutls
use OpenSSL instead. It would only be useful for applications that you re-compile against it.
The python-pycurl
package has a direct dependency on libcurl3-gnutls
and libgnutls26
.
Unless there are cURL-based packages for Ubuntu compiled against OpenSSL instead of GnuTLS in an alternative repository, you may have to build them yourself unfortunately.
This could be do in principle by downloading the source (apt-get source python-pycurl
, and related packages). You would have to go into the Debian packaging configuration files and change the options (usually passed to the configure
script which also configures the Makefile
s before compilation) so as to change the compilation options, to use OpenSSL instead. You may also need to change the package description to limit disruption to the other packages, perhaps by using the provide:
directive to say that your package can replace the one packaged by Ubuntu.
Solution 2
I saw a solution on Debian bug tracker.
I figured I'd post a workaround for people to fix the python-pycurl
package themselves.
sudo apt-get install build-essential fakeroot dpkg-dev
mkdir ~/python-pycurl-openssl
cd ~/python-pycurl-openssl
sudo apt-get source python-pycurl
sudo apt-get build-dep python-pycurl
sudo apt-get install libcurl4-openssl-dev
dpkg-source -x pycurl_7.18.2-1.dsc
cd pycurl-7.18.2
Note pycurl could have been updated so the name may not exactly be pycurl_7.18.2-1.dsc
Edit the debian/control
file and replace all instances of
libcurl4-gnutls-dev
with libcurl4-openssl-dev
dpkg-buildpackage -rfakeroot -b
sudo dpkg -i ../python-pycurl_7.18.2-1_i386.deb
To test just jump on the interpretor and look at the version.
It used to say:
shell~# python
Python 2.5.2 (r252:60911, Jan 4 2009, 17:40:26)
[GCC 4.3.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pycurl
>>> pycurl.version
'libcurl/7.18.2 GnuTLS/2.4.2 zlib/1.2.3.3 libidn/1.8'
It will now say (if you did everything right):
shell~# python
Python 2.5.2 (r252:60911, Jan 4 2009, 17:40:26)
[GCC 4.3.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pycurl
>>> pycurl.version
'libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18'
The reason just editing the debian/control file works here is because
both libcurl4-gnutls-dev
and libcurl4-openssl-dev
use the file
/usr/bin/curl-config
to build its packages. One is for gnutls
enviroments while the other is for openssl.
Solution 3
Remove the pycurl module and reinstall it using pip.
sudo pip install pycurl
Related videos on Youtube
Comments
-
Jayesh over 1 year
I am getting gnutls specific errors in my Tornado webserver while processing Google OpenID SSL responses. One of the suggestions I got from Tornado mailing list is to try OpenSSL backend instead of gnutls. But it doesn't seem to be straightforward on Ubuntu server (11.10).
On Ubuntu server,
gnutls
is provided bylibcurl3-gnutls
package and openssl curl support is provided bylibcurl4-openssl-dev
package. (I don't know why the later is named4
anddev
, but I couldn't find any other openssl+curl package in apt-cache search).I had
libcurl3-gnutls
installed by default, but notlibcurl4-openssl-dev
. So I installed the later and restarted Torando instances. But that didn't seem to work. I still got same gnutls errors.I found old discussions on curl mailing lists regarding the problems of supporting different SSL backends to libcurl, but didn't find exactly how is it done today. So far my guess is openssl is built into libcurl and gnutls is provided through separate package (that will explain why there is no libcurl3-openssl). But how do I make libcurl to pick up openssl backend and not gnutls? Is there some option in libcurl/pycurl API to do this?
I tried uninstalling
libcurl3-gnutls
, but apt-get prompted that it will also removepython-pycurl
along with it. So that won't do. -
Bruno over 12 yearsAs @SwenW said,
libcurl3
is compiled against OpenSSL, so it should be a matter or changing the build options for OpenSSL and makingpython-pycurl
depend onlibcurl3
instead oflibcurl3-gnutls
. -
vonPetrushev about 10 yearsThis answer is correct, the solution is working, and should be the accepted answer instead.
-
Martin about 7 yearsThanks this worked! Additionally I had to install
libssl-dev
in Debian, otherwise I wouldnt find the header files for compilation. Also signing failed so I used this command to build the package:sudo dpkg-buildpackage -rfakeroot -b -uc -us
-
Mikaelblomkvistsson over 5 yearsAs @Martin wrote. It works but would be nice if @nobody update this answer with missing
libssl-dev
and differentdpkg-buildpackage
call (I got exactly the same issues and Martin's hints helped).