怎样升级cURL并支持http2

2016年8月2日 | 分类: 【技术】

【介绍】

目前CentOS系统默认安装的 cURL 版本为 7.29.0。 此版本有已知的安全问题。

参考:https://curl.haxx.se/changes.html

【卸载(不必要)】

卸载yum版本:

rpm -e --nodeps curl
rpm -e --nodeps curl-devel

【更新Yum源方法升级(推荐)】

参考:https://10.1pxeye.com/centos7-upgrade-curl/
参考:https://www.jianshu.com/p/a337acb40453
参考:http://lawlietweb.com/2018/08/26/2018-08-26/

安装 repo :

rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/rhel7/x86_64/city-fan.org-release-2-1.rhel7.noarch.rpm

查看该 repo 包含的 curl 版本:

yum --showduplicates list curl --disablerepo="*" --enablerepo="city*"

输出:

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * city-fan.org: www.city-fan.org
 * city-fan.org-debuginfo: www.city-fan.org
 * city-fan.org-source: www.city-fan.org
Installed Packages
curl.x86_64                                                                                                 7.29.0-51.el7                                                                                                        @base
Available Packages
curl.x86_64                                                                                                 7.64.1-1.1.cf.rhel7                                                                                                  city-fan.org

可见该 repo 包含 7.64.1 的 curl 安装包。

编辑:/etc/yum.repos.d/city-fan.org.repo ,将[city-fan.org]组的enable值改为1,保存退出。

安装:

yum install curl

报错:

...
Error: Package: libcurl-7.64.1-1.1.cf.rhel7.x86_64 (city-fan.org)
           Requires: libnghttp2.so.14()(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
...

方法:

yum install https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/l/libnghttp2-1.31.1-1.el7.x86_64.rpm

参考:https://forums.interworx.com/forum/nodeworx/general-discussion-aa/4963-curl-update
参考:https://www.digitalocean.com/community/questions/how-to-upgrade-curl-in-centos6
参考:https://qiita.com/tkprof/items/5460b8d603cbbc542c8c
参考:https://centos.org/forums/viewtopic.php?f=13&t=68872
参考:https://talk.plesk.com/threads/how-to-upgrade-curl-in-centos-7-4.345769/

然后升级成功。

查看CURL版本:

curl -V

输出:

curl 7.64.1 (x86_64-redhat-linux-gnu) libcurl/7.64.1 NSS/3.36 zlib/1.2.8 libpsl/0.7.0 (+libicu/50.1.2) libssh2/1.8.2 nghttp2/1.31.1
Release-Date: 2019-03-27
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz Metalink NTLM NTLM_WB PSL SPNEGO SSL UnixSockets

显示已经支持 HTTP2!

用一个HTTP2的网站进行测试:

curl --http2 -I https://nghttp2.org/

输出:

HTTP/2 200
date: Tue, 20 Dec 2016 04:17:36 GMT
content-type: text/html
...

【编译方法升级cURL】

参考:http://www.linuxfromscratch.org/blfs/view/svn/basicnet/curl.html

下载:http://curl.haxx.se/download/

最新版本:curl-7.64.1

wget https://curl.haxx.se/download/curl-7.64.1.tar.gz && tar xvf curl-7.64.1.tar.gz && cd curl-7.64.1
export PKG_CONFIG=/usr/bin/pkg-config PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:/usr/lib/pkgconfig 
./configure --prefix=/usr --disable-static --enable-threaded-resolver --with-zlib=/usr/lib --with-ca-bundle=/etc/ssl/ca-bundle.crt
make && make test && make install

输出:

...
libtool: install: /usr/bin/install -c .libs/libcurl.so.4.4.0 /usr/lib/libcurl.so.4.4.0
...
libtool: install: /usr/bin/install -c .libs/curl /usr/bin/curl
...
 /usr/bin/install -c -m 644 curl.h curlver.h easy.h mprintf.h stdcheaders.h multi.h typecheck-gcc.h curlbuild.h curlrules.h '/usr/include/curl'
...
 /usr/bin/install -c -m 644 libcurl.pc '/usr/lib/pkgconfig'
...
rm -rf docs/examples/.deps && find docs \( -name Makefile\* -o -name \*.1 -o -name \*.3 \) -exec rm {} \; && install -v -d -m755 /usr/share/doc/curl-7.64.1 && cp -v -R docs/* /usr/share/doc/curl-7.64.1

更新系统动态连接库配置:

echo /usr/local/lib >> /etc/ld.so.conf && ldconfig

相关路径:

/usr/lib/libcurl.so.4.4.0
/usr/bin/curl
/usr/include/curl
/usr/lib/pkgconfig/libcurl.pc

查看cURL版本:

curl -V

输出:

curl 7.64.1 (x86_64-pc-linux-gnu) libcurl/7.64.1 OpenSSL/1.0.2j zlib/1.2.8 nghttp2/1.18.0-DEV
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets

显示已经支持 HTTP2!

用一个HTTP2的网站进行测试:

curl --http2 -I https://nghttp2.org/

输出:

HTTP/2 200
date: Tue, 20 Dec 2016 04:17:36 GMT
content-type: text/html
...

【排错】

报错:curl: (60) SSL certificate problem: unable to get local issuer certificate

参考:https://blog.csdn.net/sanbingyutuoniao123/article/details/71124655

下载证书:

下载:https://github.com/bagder/ca-bundle/tree/e9175fec5d0c4d42de24ed6d84a06d504d5e5a09

将下载的证书放在 php.ini 的当前目录下的 extras/ssl/ 下面。

cd /usr/local/php/etc/ && mkdir extras && cd extras && wget https://github.com/bagder/ca-bundle/archive/e9175fec5d0c4d42de24ed6d84a06d504d5e5a09.zip && unzip e9175fec5d0c4d42de24ed6d84a06d504d5e5a09.zip && mv ca-bundle-e9175fec5d0c4d42de24ed6d84a06d504d5e5a09 ssl && rm e9175fec5d0c4d42de24ed6d84a06d504d5e5a09.zip

编辑 php.ini

打开 /usr/local/php/etc/php.ini ,添加:

curl.cainfo="/usr/local/php/etc/extras/ssl/ca-bundle.crt"

报错:CURL Error: Resolving timed out after 5515 milliseconds – Code 28

参考:https://blog.csdn.net/sanbingyutuoniao123/article/details/71124655

是防火墙的原因,关闭防火墙:

service firewalld stop

【参考】

参考:https://bagder.gitbooks.io/http2-explained/content/zh/part11
参考:https://ye11ow.gitbooks.io/http2-explained/content/part11
参考:https://segmentfault.com/a/1190000004553963
参考:http://comments.gmane.org/gmane.comp.web.curl.general/14977