cURL error in various homebrew installations

I'm using my (quite old) Macbook with macOS 10.10. I have been struggling to install the following programs using homebrew: ffmpeg, cairo, and sox. Whenever I run brew install ffmpeg it al runs well until eventually, I run into the following error:

==> Downloading https://download.gnome.org/sources/glib/2.64/glib-2.64.3.tar.xz

curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect
Error: Failed to download resource "glib"
Download failed: https://download.gnome.org/sources/glib/2.64/glib-2.64.3.tar.xz

As far as I know, there is an issue with the version of cURL being used, which does not support OpenSSL, and SecureTransport is getting in the way. I saw this when running:

curl 7.43.0 (x86_64-apple-darwin14.0) libcurl/7.43.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets

It seems that the cURL that is being used is the one built in with the OS, I tried switching to the homebrew one by editing my $PATH in my .bash_profile, and ran the following, finding SecureTransport again:

$ which curl
/usr/local/opt/curl/bin/curl
$ curl -V
curl 7.71.1 (x86_64-apple-darwin14.5.0) libcurl/7.71.1 SecureTransport zlib/1.2.5
Release-Date: 2020-07-01

but this was no help. I also tried brew upgrade,brew uninstall curl and then brew install curl-openssl but this homebrew installation also runs into the same curl(35) error.

How can I disable SecureTransport? Is there any other possible fix? Is it necessary for me to update my macOS to a more recent version?

1 answer

  • answered 2020-07-04 20:02 chenrui

    First of all, feel pretty bad for your situation that homebrew only supports the latest three MacOS versions (which are high-sierra, mojave and catalina at this moment), this aligns with the Apple's security patch policy as well.

    Second, regarding your glib downloading issue, I just did a download myself, seems working fine now (we usually use bintray homebrew mirror to mitigate the issue like this), but I just checked the homebrew core codebase, we did not have mirror for gnome source artifacts though (hope that you won't run into such issue again) .

    Third, regarding how to override the MacOS default curl, you can just do echo 'export PATH="/usr/local/opt/curl/bin:$PATH"' >> ~/.bash_profile && source ~/.bash_profile.

    Here is what I have in my local before/after:

    $ ls -al $(which curl)
    -rwxr-xr-x  1 root  wheel  185072 May 20 04:14 /usr/bin/curl
    
    $ curl --version
    curl 7.54.0 (x86_64-apple-darwin18.0) libcurl/7.54.0 LibreSSL/2.6.5 zlib/1.2.11 nghttp2/1.24.1
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
    Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy
    
    $ ls -al $(which curl)
    -r-xr-xr-x  1 rchen  staff  209876 Jul  4 15:58 /usr/local/opt/curl/bin/curl
    
    $ curl --version
    curl 7.71.1 (x86_64-apple-darwin18.7.0) libcurl/7.71.1 SecureTransport zlib/1.2.11
    Release-Date: 2020-07-01
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
    Features: AsynchDNS IPv6 Largefile libz NTLM NTLM_WB SSL UnixSockets
    

    Final comment is if you don't have to install the latest ffmpeg, cairo, and sox, I can probably find you the bottles for MacOS 10.10.

    Hope it helps.