How to change libcurl SSL backend from gnutls to openssl on Ubuntu server

ssl curl ubuntu openssl gnutls

Solution 1:

The -dev packages are the development packages, they contain the library headers, used to develop and compile programs that use the library. They're usually not required by application binary packages (which are already compiled). Installing libcurl4-openssl-dev isn't enough to make the binary packages that have been built against libcurl3-gnutls use OpenSSL instead. It would only be useful for applications that you re-compile against it.

The python-pycurl package has a direct dependency on libcurl3-gnutls and libgnutls26.

Unless there are cURL-based packages for Ubuntu compiled against OpenSSL instead of GnuTLS in an alternative repository, you may have to build them yourself unfortunately.

This could be do in principle by downloading the source (apt-get source python-pycurl, and related packages). You would have to go into the Debian packaging configuration files and change the options (usually passed to the configure script which also configures the Makefiles before compilation) so as to change the compilation options, to use OpenSSL instead. You may also need to change the package description to limit disruption to the other packages, perhaps by using the provide: directive to say that your package can replace the one packaged by Ubuntu.

Solution 2:

I saw a solution on Debian bug tracker.

I figured I'd post a workaround for people to fix the python-pycurl package themselves.

sudo apt-get install build-essential fakeroot dpkg-dev
mkdir ~/python-pycurl-openssl
cd ~/python-pycurl-openssl
sudo apt-get source python-pycurl
sudo apt-get build-dep python-pycurl
sudo apt-get install libcurl4-openssl-dev
dpkg-source -x pycurl_7.18.2-1.dsc
cd pycurl-7.18.2

Note pycurl could have been updated so the name may not exactly be pycurl_7.18.2-1.dsc Edit the debian/control file and replace all instances of libcurl4-gnutls-dev with libcurl4-openssl-dev

dpkg-buildpackage -rfakeroot -b
sudo dpkg -i ../python-pycurl_7.18.2-1_i386.deb

To test just jump on the interpretor and look at the version.

It used to say:

shell~# python
Python 2.5.2 (r252:60911, Jan  4 2009, 17:40:26)
[GCC 4.3.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pycurl
>>> pycurl.version
'libcurl/7.18.2 GnuTLS/2.4.2 zlib/1.2.3.3 libidn/1.8'

It will now say (if you did everything right):

shell~# python
Python 2.5.2 (r252:60911, Jan  4 2009, 17:40:26)
[GCC 4.3.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pycurl
>>> pycurl.version
'libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18'

The reason just editing the debian/control file works here is because both libcurl4-gnutls-dev and libcurl4-openssl-dev use the file /usr/bin/curl-config to build its packages. One is for gnutls enviroments while the other is for openssl.

Solution 3:

Remove the pycurl module and reinstall it using pip.

sudo pip install pycurl

Related

How do I analyze an Apache Bench result?
Duplicity not writing to a pre-existing S3 bucket
Clarification about Linux TCP window size and delays
show all users on a Catalyst Cisco switch
Brother 4150 CDN "Deep Sleep" How do I disable? [closed]
Magento hosting on a budget
ML350 G5 - upgrade hot swap drives to 6 Gb/s?
Network printer - Print direct or via shared printer on Server?
How do I add items to 'Favorites' via GPO?
Child Domain vs Trust Relationship
Can't make httpd use correct SSL
Make apachectl restart more verbose on Mac 10.8