cURL error in various homebrew installations
I'm using my (quite old) Macbook with macOS 10.10. I have been struggling to install the following programs using homebrew: ffmpeg, cairo, and sox. Whenever I run
brew install ffmpeg it al runs well until eventually, I run into the following error:
==> Downloading https://download.gnome.org/sources/glib/2.64/glib-2.64.3.tar.xz curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect Error: Failed to download resource "glib" Download failed: https://download.gnome.org/sources/glib/2.64/glib-2.64.3.tar.xz
As far as I know, there is an issue with the version of cURL being used, which does not support OpenSSL, and SecureTransport is getting in the way. I saw this when running:
curl 7.43.0 (x86_64-apple-darwin14.0) libcurl/7.43.0 SecureTransport zlib/1.2.5 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets
It seems that the cURL that is being used is the one built in with the OS, I tried switching to the homebrew one by editing my
$PATH in my
.bash_profile, and ran the following, finding SecureTransport again:
$ which curl /usr/local/opt/curl/bin/curl $ curl -V curl 7.71.1 (x86_64-apple-darwin14.5.0) libcurl/7.71.1 SecureTransport zlib/1.2.5 Release-Date: 2020-07-01
but this was no help. I also tried
brew uninstall curl and then
brew install curl-openssl but this homebrew installation also runs into the same curl(35) error.
How can I disable SecureTransport? Is there any other possible fix? Is it necessary for me to update my macOS to a more recent version?
First of all, feel pretty bad for your situation that homebrew only supports the latest three MacOS versions (which are high-sierra, mojave and catalina at this moment), this aligns with the Apple's security patch policy as well.
Second, regarding your
glibdownloading issue, I just did a download myself, seems working fine now (we usually use
bintrayhomebrew mirror to mitigate the issue like this), but I just checked the homebrew core codebase, we did not have mirror for gnome source artifacts though (hope that you won't run into such issue again) .
Third, regarding how to override the MacOS default curl, you can just do
echo 'export PATH="/usr/local/opt/curl/bin:$PATH"' >> ~/.bash_profile && source ~/.bash_profile.
Here is what I have in my local before/after:
$ ls -al $(which curl) -rwxr-xr-x 1 root wheel 185072 May 20 04:14 /usr/bin/curl $ curl --version curl 7.54.0 (x86_64-apple-darwin18.0) libcurl/7.54.0 LibreSSL/2.6.5 zlib/1.2.11 nghttp2/1.24.1 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy
$ ls -al $(which curl) -r-xr-xr-x 1 rchen staff 209876 Jul 4 15:58 /usr/local/opt/curl/bin/curl $ curl --version curl 7.71.1 (x86_64-apple-darwin18.7.0) libcurl/7.71.1 SecureTransport zlib/1.2.11 Release-Date: 2020-07-01 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile libz NTLM NTLM_WB SSL UnixSockets
Final comment is if you don't have to install the latest
sox, I can probably find you the bottles for
Hope it helps.