curlhomebrewlinuxbrew

Linuxbrew curl certificate issue


I installed Linuxbrew on my server. However when I try to run any command I have issues with curl (used by brew to fetch its updates). Usually when other tools like this have this kind of problem they provide a flag to void the check of the certificate and curl itself gives you this possibility using the -k flag.

However in the documentation of brew I didn't find such a flag available. Therefore my second guess was to set the flag insecure n the .curlrc file placed in my home to set as default that curl does not check for SSL certificates.

Here down an example of the output when I run bew:

-bash-4.1$ brew update
==> Installing dependencies for curl: patchelf, zlib, binutils, linux-headers, glibc, m4, gmp, mpfr, libmpc, isl@0.18, gcc, pkg-config and openssl
==> Installing curl dependency: patchelf
==> Downloading https://linuxbrew.bintray.com/bottles/patchelf-0.10.x86_64_linux.bottle.tar.gz

curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
Error: Failed to download resource "patchelf"
Download failed: https://linuxbrew.bintray.com/bottles/patchelf-0.10.x86_64_linux.bottle.tar.gz

Solution

  • In order to get Homebrew to accept the options specified in the .curlrc file there is a flag to be set.

    According to the documentation:

    HOMEBREW_CURLRC
    If set, do not pass --disable when invoking curl(1), which disables the use of curlrc.

    Therefore just run this script in order to get homebrew to ignore the SSL certificate verification:

    echo insecure >> ~/.curlrc
    export HOMEBREW_CURLRC=1
    brew install …