LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   CentOS 6.7 has really OLD curl. Best way to update curl? (https://www.linuxquestions.org/questions/linux-server-73/centos-6-7-has-really-old-curl-best-way-to-update-curl-4175578394/)

sneakyimp 04-26-2016 02:01 PM

CentOS 6.7 has really OLD curl. Best way to update curl?
 
I've got version 3 of a website running on a CentOS server and was recently notified by a payment gateway that they plan to upgrade their SSL/TSL transport. They kindly supplied a battery of tests. The tests have revealed that curl is lamentably old on CentOS 6.7:
Code:

$ curl --version
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

I tried sniffing around using yum for some newer version of curl but it doesn't seem to have anything that is an obvious upgrade. Tried this:
Code:

sudo yum clean all
sudo yum install libcurl

but it responds:
Code:

Package libcurl-7.19.7-46.el6.x86_64 already installed and latest version
Nothing to do

Unless I'm missing something, CentOS 6.7's packages have curl 7.19 and that's that. Is this not the case?

There's an upgrade method using RPM here. Basically it says do this:
Quote:

Use the city-fan repo ( part of the curl mirror http://curl.haxx.se/download.html#LinuxRedhat)

Code:

rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/rhel6/x86_64/city-fan.org-release-1-13.rhel6.noarch.rpm
yum install libcurl


I'm not really sure how this might impact my package management, whether it's safe or not, and whether this will result in security upgrades when I do a yum upgrade or not.

Can anyone recommend the best way to deal with this such that my curl is updated (ideally 7.35 or later) and stays patched with security fixes and so on?

AlucardZero 04-26-2016 02:04 PM

* Update this host to 7.x, or
* compile it yourself, install to /usr/local so it doesn't touch the system, and take responsibility for updates, or
* use city-fan and trust it will not break anything

sneakyimp 04-26-2016 02:12 PM

Thanks for your response.
Quote:

Originally Posted by AlucardZero (Post 5536934)
* Update this host to 7.x, or
* compile it yourself, install to /usr/local so it doesn't touch the system, and take responsibility for updates, or
* use city-fan and trust it will not break anything

Given this server is soon to be replaced by version 4 (which will probably run on Ubuntu 16.04) we are hoping to avoid the full upgrade ordeal to CentOS 7. The current website is quite old and we expect things to break.

If I compile myself, why keep it from touching the system? The desire is to have it upgrade curl usage in PHP scripts et.al so it's desirable for us to have it "touch" the system I think. Is it really going to break anything?

As for trusting city-fan -- I've no idea who they are or whether they are trustworthy. I'm not exactly inclined to trust them with this particular server as it performs some sensitive operations.

sneakyimp 04-26-2016 02:16 PM

Also, I suspect that the curl installed on CentOS 6.7 uses NSS instead of OpenSSL -- not certain about that but it seems to be a complicating issue if I hope to compile from source.

sneakyimp 04-26-2016 03:06 PM

OK I downloaded curl 7.48 source code from haxx.se and did the ./configure and make and make install and now when I invoke curl from the CLI it reports version 7.48.

HOWEVER, the version of curl reported by PHP is still the old one:
Code:

$ php -r 'var_dump(curl_version());'
array(9) {
  ["version_number"]=>
  int(463623)
  ["age"]=>
  int(3)
  ["features"]=>
  int(1597)
  ["ssl_version_number"]=>
  int(0)
  ["version"]=>
  string(6) "7.19.7"
  ["host"]=>
  string(23) "x86_64-redhat-linux-gnu"
  ["ssl_version"]=>
  string(20) "NSS/3.19.1 Basic ECC"
  ["libz_version"]=>
  string(5) "1.2.3"
  ["protocols"]=>
  array(12) {
    [0]=>
    string(4) "tftp"
    [1]=>
    string(3) "ftp"
    [2]=>
    string(6) "telnet"
    [3]=>
    string(4) "dict"
    [4]=>
    string(4) "ldap"
    [5]=>
    string(5) "ldaps"
    [6]=>
    string(4) "http"
    [7]=>
    string(4) "file"
    [8]=>
    string(5) "https"
    [9]=>
    string(4) "ftps"
    [10]=>
    string(3) "scp"
    [11]=>
    string(4) "sftp"
  }
}

How can I get PHP's curl version to also be updated?


All times are GMT -5. The time now is 01:05 AM.