22

So I build openssl

./config
make
sudo make install
sudo ln -sf /usr/local/ssl/bin/openssl `which openssl`

I build curl

./configure --with-ssl 
make
make install

OpenSSL looks installed correctly:

openssl version
OpenSSL 1.0.1g 7 Apr 2014

however curl uses old openssl version (1.0.1f instead of 1.0.1g):

curl --version
curl 7.37.0 (x86_64-unknown-linux-gnu) libcurl/7.37.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 libssh2/1.4.3 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp 
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 

how to make curl use new version?

I want to try the newest versions, because I am fighting with some strange openssl/curl bug #1 #2

Edit: I also tried ./configure --with-ssl=/usr/local/ssl/include/openssl, no success

Edit2: So far I also tried:

  • sudo ./configure --with-ssl --with-libssl-prefix=/usr/local/ssl
  • ./configure --with-ssl=/usr/local/ssl
  • PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig ./configure
  • PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig ./configure --with-ssl
  • PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig ./configure --with-ssl=/usr/local/ssl/include/openssl

no success...

Peter
  • 303
  • 1
  • 4
  • 15

9 Answers9

15

You need to specify the directory where OpenSSL is installed (your symlink is neither necessary nor sufficient)

./configure --with-ssl=/usr/local/ssl

EDIT: Alternatively, you can set your PKG_CONFIG_PATH environment variable (as suggested by ./configure --help):

PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig ./configure

fkraiem
  • 12,555
  • 4
  • 35
  • 40
  • 1
    first option gives me configure: error: OpenSSL libs and/or directories were not found where specified! Please see my edit - there is no error with --with-ssl=/usr/local/ssl/include/openssl but old openssl is used. second option configures curl without HTTPS – Peter Jun 02 '14 at 10:50
  • I may have gotten the directories slightly wrong, I don't have access to a Linux box right now... Basically, your manual OpenSSL installation put a file openssl.pcsomewhere, you need to point PKG_CONFIG_PATH to the directory where that file is (and make sure you have pkg-config installed, of course). – fkraiem Jun 02 '14 at 11:06
  • 1
    PKG_CONFIG_PATH path is correct, I have pkg-config installed too, but somehow it doesn't work. without --with-ssl there is no HTTPS, with --with-sslit throws error configure: error: OpenSSL libs and/or directories were not found where specified! – Peter Jun 02 '14 at 11:07
  • Where and how did you install ssl ? Use the correct path. – Panther Jun 02 '14 at 15:01
  • @bodhi.zazen I have install both Ubuntu package from official repositories and compiled openssl in /usr/local/ssl – Peter Jun 05 '14 at 08:25
  • both options suggested by @fkraiem worked fine on Ubuntu 14.04 with older openssl installed via "apt-get" (OpenSSL 1.0.1f 6 Jan 2014) and then manually upgraded OpenSSL up to (OpenSSL 1.0.2k 26 Jan 2017). And "/usr/local/ssl/lib/pkgconfig" is the right place for openssl.pc file. Thanks! – Dmitry Shevkoplyas Apr 04 '17 at 17:26
  • How is it possible for you all to compile curl, especially @DmitryShevkoplyas as recently as a couple months ago? ./configure tests OpenSSL at path provided by --with-ssl=____ and if HMAC_Update is not found, it abandons ssl. Well, OpenSSL contains HMAC_Update, but the test fails, and cannot include ssl. Ubuntu 14.04, OpenSSL 1.0.2l, curl 7.46 – Tom Pace Jul 14 '17 at 22:03
  • Bravo. That was GREATE!!! – BarzanHayati Feb 06 '23 at 09:39
11
sudo apt-get install libssl-dev
./configure --prefix=/usr --libdir=/usr/lib/x86_64-linux-gnu
sudo make
sudo make install

Is all I needed to build curl 7.43 on ubuntu 15.04

Berto B.
  • 111
  • Beautiful. This worked on 19.04. Somehow curl couldn't detect my openssl, so I did these exact steps with libssl-dev and it worked like charm! – Alex Dec 21 '19 at 22:18
6

What I found out, when I was going through the same exercise, is that curl simply can't work with openssl static libraries. It was always searching for dynamic, no matter what I was doing, so eventually I did three things that worked for me

Configured openssl with enable-shared: ./config enable-shared
Configured curl with openssl: ./configure --with-ssl
Used LD_LIBRARY_PATH: LD_LIBRARY_PATH=/usr/local/lib:/usr/local/ssl/lib /usr/local/bin/curl -V

The latter command with -V flag will show the openssl version used by curl. I've added /usr/local/lib to LD_LIBRARY_PATH to make sure that curl uses the right libcurl version.

Oleg Gryb
  • 271
  • 4
  • 6
  • This helped me, particularly LD_LIBRARY_PATH which I've added to bash_profile. I did something similar, but instead of the first line, I used export CFLAGS=-fPIC; ./config shared (not enable-shared). For curl, I used --with-ssl=/usr/local/ssl although the path arg may have been redundant. – mahemoff Sep 03 '15 at 10:32
  • 1
    I'm glad it worked for you and yes, path in --with-ssl is redundant, because what you've provided is a default location for the build. – Oleg Gryb Sep 03 '15 at 16:17
5

This was a long and arduous path for me. Hours and hours (you know how it is). Here's what I found:

For Ubuntu 12.04 / 14.04 you have to manually install both openssl and curl

Manually install openssl 1.0.2g:

sudo apt-get install make # (Install compiling library Make)
wget https://www.openssl.org/source/openssl-1.0.2g.tar.gz # (Download the latest OpenSSL 1.0.2g binaries)
tar -xzvf openssl-1.0.2g.tar.gz # (Extract the tar ball to the local directory)
cd openssl-1.0.2g # (Enter extracted OpenSSL directory)
sudo ./config # (Configure binaries for compiling)
sudo make install # (install configured binaries)
sudo ln -sf /usr/local/ssl/bin/openssl `which openssl` # (This will create a sym link to the new binaries)
openssl version -v

IF YOU WANT NGHTTP2 (optional / recommended):

# Get build requirements
# Some of these are used for the Python bindings
# this package also installs
sudo apt-get install g++ make binutils autoconf automake autotools-dev libtool pkg-config \
  zlib1g-dev libcunit1-dev libssl-dev libxml2-dev libev-dev libevent-dev libjansson-dev \
  libjemalloc-dev cython python3-dev python-setuptools

Build nghttp2 from source

git clone https://github.com/tatsuhiro-t/nghttp2.git cd nghttp2 autoreconf -i automake autoconf ./configure make sudo make install

Manually install curl:

cd ~
sudo apt-get build-dep curl
wget http://curl.haxx.se/download/curl-7.46.0.tar.bz2
tar -xvjf curl-7.46.0.tar.bz2
cd curl-7.46.0
./configure --with-nghttp2 --with-ssl --with-libssl-prefix=/usr/local/ssl # This is the line I had the most trouble with, especially figure out --with-libssl-prefix
make
sudo make install
sudo ldconfig

Final Steps

sudo ldconfig
sudo service apache2 restart # if you're using apache

Now that you're done, try curl --version and make sure you see the correct version of openssl in there. Specifically openssl >= 1.0.2g (and nghttp2 if you opted for it)

$ curl --version
curl 7.50.2 (x86_64-pc-linux-gnu) libcurl/7.50.2 OpenSSL/1.0.2k zlib/1.2.8 nghttp2/1.21.0-DEV
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets 

citations: curl opennssl

Zanna
  • 70,465
Jacksonkr
  • 341
3
./configure --with-ssl=/usr/lib/ssl --libdir=/usr/lib/x86_64-linux-gnu
sudo make
sudo make install

After struggling some hours I managed to enable https with libcurl 7.38 in ubuntu 15.05

Kalle Richter
  • 6,180
  • 21
  • 70
  • 103
Dev
  • 31
2

I managed to compile curl using static OpenSSL libraries. This is the tl;dr version:

OpenSSL

./config no-shared --prefix=$PWD/_installdir
make depend && make && make install

curl

LIBS="-ldl" ./configure --prefix=$PWD/_installdir --with-ssl=/something/opensslrootdir/_installdir --disable-shared
make && make install

The LIBS="-ldl" part is essential.

0

I generally followed Jacksonkr's answer, but I needed all of the above mentioned by others together:

LIBS="-ldl" PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig ./configure --with-ssl --with-libssl-prefix=/usr/local/ssl --disable-shared

--disable-shared is optional, I guess, it;s just I need it

Thomas
  • 6,223
0

I was able to mitigate this issue by adding the --without-zlib option.

zx485
  • 2,426
0

Compiling openssl use default configure generates static library only, so, if you want to use static library in curl, you can do like this:

LIBS="-ldl -lpthread" ./configure --disable-shared --prefix=/usr/local/curl --with-ssl=/usr/local/ssl

I sought the answer from here.

NOTE: following this way only generates curl static library.

Zanna
  • 70,465