OS X Yosemite Curl errors - macos

I am trying to use curl on Yosemite and I keep getting the following errors:
01-09-14 17:49:45> curl https://www.kernel.org/pub/software/scm/git/git-manpages-2.1.0.tar.gz
curl: (51) SSL: certificate verification failed (result: 5)
I know I can add -k to the curl to make it download, but I think there is something bigger that I need to fix. The biggest issue is when trying to update Homebrew packages.
I also have this in my bash_profile
export CURL_CA_BUNDLE=/usr/local/share/ca-bundle.crt
and i just downloaded the ca-bundle.crt from http://curl.haxx.se/docs/caextract.html
EDIT: Also on a the guest user account on my laptop the curl works fine

Turns out
export CURL_CA_BUNDLE=/usr/local/share/ca-bundle.crt
was the problem for some reason. Removed that from my bash_profile and restarted a few times and everything works fine now.

Related

Unable to vagrant box add laravel/homestead (errno 60 / SSL read)

Basically I got this error seconds after I trigger
vagrant box add laravel/homestead in my terminal.
What's more interesting, after second failed attempt, the error message is a little bit different (as you see).
Error number 60 is somehow related to SSL. Since I'm running this command via terminal, I really have no idea how to investigate this issue. Can somebody give me any hints? May it be related to poor wireless internet connection?
slick-mac:~ slick$ vagrant version
Installed Version: 1.7.4
Latest Version: 1.7.4
You're running an up-to-date version of Vagrant!
If you get an SSL issue, you can try to add the box using the insecure option
vagrant box add --insecure laravel/homestead
--insecure When present, SSL certificates won't be verified if the URL is an HTTPS URL
I'm deliberately posting this as an answer because probably I've found solution. So far it's still downloading.
What I did:
1. I removed temp stuff
rm -rf ~/.vagrant.d/tmp/
2. I started the download again
vagrant box add laravel/homestead
So far it's still OK despite of my slow internet connection. If that won't work I will try Frederic's solution.
EDIT:
After 80% it failed. (no --insecure) param.
These SSL related issues are not from client side. It is originated from the source. We can do nothing from our side. I have tried with Windows OS, Mac OS X and manual download with many browsers and even with downloaders, no luck. Somehow I managed to download with mobile browser on 4G. I was wondering why not upload this to place everyone can download.
You can find a mirror here on my Google Drive. It is a copy of laravel/homestead 0.5.0. Have fun.
I encountered the same issue. Adding --insecure argument, specifying url, https://atlas.hashicorp.com/laravel/boxes/homestead, and removing the tmp file beforehand did not work for me.
Brutely repeating download attempts to download did however. Thus, in my case, nothing to do with SSL.
what Worked for me was emptying the temp first then running the following command:
vagrant box add --insecure laravel/homestead
it looks like after failing once ,it couldn't resume correctly until the temp was emptied .
hope this helps.

Homebrew installation on Mac OS X Failed to connect to raw.githubusercontent.com port 443

When I try to install Homebrew, I am getting following connection refused error. Please help me to solve this problem.
$ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
curl: (7) Failed to connect to raw.githubusercontent.com port 443: Connection refused
Works for me. Unless its a real problem with github, which it may be but I'm going to guess that its not, its probably a problem with your connection.
Can you get to the same URL via a browser?
https://raw.githubusercontent.com/Homebrew/install/master/install
If you get an error there too, you know what your problem is. (Talk to your network admin)
If that works...maybe try doing just the "curl" command in your terminal to see if curl gives a more specific error?
Also, if that does work, save that file to a file on your computer (brew_install.rb) and then run it via
ruby brew_install.rb
If you are behind a proxy, try this:
sudo vim /etc/hosts
#add the line below and :wq
199.232.28.133 raw.githubusercontent.com
The accepted Answer is outdated now. But based on the answer I solved the problem by:
open the home page of brew https://brew.sh/
copy the URL from the install cmd and open it on your browser https://raw.githubusercontent.com/Homebrew/install/master/install.sh
right-click and save it to your computer
open a terminal and run it with: /bin/bash path-to/install.sh
It was a company proxy problem for me and the solution as mentioned here worked for me.
export HTTPS_PROXY=https://<proxy.mycompany>:<port>
git config --global https.proxy $HTTPS_PROXY
git config --global --get https.proxy
I had the same error,
- Disabled VPN
tried again installing without VPN
It worked for me.
There are several situations here, you can do following things :
reinstall the xcode command line tool by removing the old tools ($ rm -rf /Library/Developer/CommandLineTools) and xcode-select --install
request web page
https://raw.githubusercontent.com/Homebrew/install/master/install
then save it's content to shell file then run it.
change your DNS server to 8.8.8.8 (This is worked for me : ] )
Finally you should run /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
First try to open the link in the browser if it doesn't open then changing the DNS is the answer.
For me changing the DNS to 8.8.8.8 worked for me.
DNS settings can be searched for in the system setting which can be launched through spotlight in Mac OS and then changed.
This solved the pertinent issue for me.
I've seen this a few times on other people's machines and it seems to be fixed after you install xcode, i.e. xcode-select --install
The method of using ruby is probably outdated, as shown below:
As a better alternative, please set your computer's DNS server to 8.8.8.8
These steps solved the problem:
xcode-select --install
restart the Mac
Execute this command:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
and it should work.
Check is https proxy is set
env|grep -I proxy
Then if it is set, remove the env variable
unset HTTPS_PROXY
I solved this problem by the following steps:
removing the old tools ($ rm -rf /Library/Developer/CommandLineTools)
install xcode command line tools again ($ xcode-select --install).
Although saving the shell file locally and then running it can solve this problem, but you'll meet it again when you do something similar(e.g. install oh-my-zsh, vim-plug, etc.)
At last, I find the 3rd item of this answer(https://stackoverflow.com/a/61787208/5458745) works best for me, as it can also solve the problem I meet when installing other tools using curl. However instead of changing the DNS, I add 8.8.8.8 to my original DNS server list, which works fine for me.
Change your DNS server to 8.8.8.8 (This is worked for me)
I solved it.
You can visit https://github.com/Homebrew/install/blob/master/install.sh to get this install.sh by copy the whole contents.
Then paste it into install.sh and run sh install.sh.
A combination of what #blueskin mentioned first and then what #Ferenc Yim mentioned is what worked for me.
The script also requires sudo access (not necessarily run with a sudo prefix just need admin access)
sudo vim /etc/hosts
Once the vim code editor is open add the following line at end of the file
199.232.68.133 raw.githubusercontent.com

How to fix curl: (60) SSL certificate: Invalid certificate chain

I get the following error running curl https://npmjs.org/install.sh | sh on Mac OSX 10.9 (Mavericks):
install npm#latest
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
How do I fix this?
First off, you should be wary of urls that throw SSL errors. That being said, you can suppress certificate errors in curl with
curl -k https://insecure.url/content-i-really-really-trust
Using the Safari browser (not Chrome, Firefox or Opera) on Mac OS X 10.9 (Mavericks) visit https://registry.npmjs.org
Click the Show certificate button and then check the checkbox labelled Always trust. Then click Continue and enter your password if required.
Curl should now work with that URL correctly.
NOTE: This answer obviously defeats the purpose of SSL and should be used sparingly as a last resort.
For those having issues with scripts that download scripts that download scripts and want a quick fix, create a file called ~/.curlrc
With the contents
--insecure
This will cause curl to ignore SSL certificate problems by default.
Make sure you delete the file when done.
UPDATE
12 days later I got notified of an upvote on this answer, which made me go "Hmmm, did I follow my own advice remember to delete that .curlrc?", and discovered I hadn't. So that really underscores how easy it is to leave your curl insecure by following this method.
The problem is an expired intermediate certificate that is no longer used and must be deleted. Here is a blog post from Digicert explaining the issue and how to resolve it.
https://blog.digicert.com/expired-intermediate-certificate/
I was seeing the issue with Github not loading via SSL in both Safari and the command line with git pull. Once I deleted the old expired cert everything was fine.
After updating to OS X 10.9.2, I started having invalid SSL certificate issues with Homebrew, Textmate, RVM, and Github.
When I initiate a brew update, I was getting the following error:
fatal: unable to access 'https://github.com/Homebrew/homebrew/': SSL certificate problem: Invalid certificate chain
Error: Failure while executing: git pull -q origin refs/heads/master:refs/remotes/origin/master
I was able to alleviate some of the issue by just disabling the SSL verification in Git. From the console (a.k.a. shell or terminal):
git config --global http.sslVerify false
I am leary to recommend this because it defeats the purpose of SSL, but it is the only advice I've found that works in a pinch.
I tried rvm osx-ssl-certs update all which stated Already are up to date.
In Safari, I visited https://github.com and attempted to set the certificate manually, but Safari did not present the options to trust the certificate.
Ultimately, I had to Reset Safari (Safari->Reset Safari... menu). Then afterward visit github.com and select the certificate, and "Always trust" This feels wrong and deletes the history and stored passwords, but it resolved my SSL verification issues. A bittersweet victory.
On MacOS High Sierra/10.13:
~$brew install curl ca-certificates
works like a charm for me.
Another cause of this can be duplicate keys in your KeyChain. I've seen this problem on two macs where there were duplicate "DigiCert High Assurance EV Root CA". One was in the login keychain, the other in the system one. Removing the certificate from the login keychain solved the problem.
This affected Safari browser as well as git on the command line.
Let's say you try to download something using curl or install hub
using brew, then, you get an error like:
==> Downloading https://ghcr.io/v2/linuxbrew/core/ncurses/manifests/6.2
curl: (60) SSL certificate problem: unable to get local issuer certificate
Then, let ghcr.io being the server, execute following commands:
cd ~
# Download the cert:
openssl s_client -showcerts -servername ghcr.io -connect ghcr.io:443 > cacert.pem
# type "quit", followed by the "ENTER" key / or Ctrl+C
# see the data in the certificate:
openssl x509 -inform PEM -in cacert.pem -text -out certdata-ghcr.io.txt
# move the file to certificate store directory:
sudo mv cacert.pem /usr/local/share/ca-certificates/cacert-ghcr.io.crt
# update certificates
sudo update-ca-certificates
# done !
References
SSL Certificate Verification
Snippet
After attempting all of the above solutions to eliminate the "curl: (60) SSL certificate problem: unable to get local issuer certificate" error, the solution that finally worked for me on OSX 10.9 was:
Locate the curl certificate PEM file location
'curl-config --ca' -- > /usr/local/etc/openssl/cert.pem
Use the folder location to identify the PEM file
'cd /usr/local/etc/openssl'
Create a backup of the cert.pem file
'cp cert.pem cert_pem.bkup'
Download the updated Certificate file from the curl website
'sudo wget http://curl.haxx.se/ca/cacert.pem'
Copy the downloaded PEM file to replace the old PEM file
'cp cacert.pem cert.pem'
This is a modified version of a solution posted to correct the same issue in Ubuntu found here:
https://serverfault.com/questions/151157/ubuntu-10-04-curl-how-do-i-fix-update-the-ca-bundle
I started seeing this error after installing the latest command-line tools update (6.1) on Yosemite (10.10.1). In this particular case, a reboot of the system fixed the error (I had not rebooted since the update).
Mentioning this in case anyone with the same problem comes across this page, like I did.
In some systems like your office system, there is sometimes a firewall/security client that is installed for security purpose. Try uninstalling that and then run the command again, it should start the download.
My system had Netskope Client installed and was blocking the ssl communication.
Search in finder -> uninstall netskope, run it, and try installing homebrew:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
PS: consider installing the security client.
If you are behind a corporate firewall like Palo Alto it will intercept all TLS/SSL traffic, inspect it and re-encrypt it using its own using self-signed certificates. Although these certificates will typically be available on your workstation, the various programs like npm, Git, curl, etc. will not inherit them from the workstation.
If you are working in an enterprise do not use the -k or --insecure option because this turns of the TLS/SSL encryption completely and opens up you and your organization to compromise
The solution is to add this self signed certificate to the specific certificate chain that is used by the program you are trying to use. I have included a link to Adrian Escutia Soto's answer which is the best way of addressing this. Unfortunately, I cannot comment or upvote on it because I don't have enough reputation points

Git Bash on windows 7 behind proxy no longer working

I'm on a windows 7, 32 bit box, and working behind a proxy. I just upgraded my git client (Git Bash) to Git-1.8.3-preview20130601, and all of the sudden, I'm getting the following error whenever I try to push/pull:
fatal: unable to access 'https://github.com/User/simple_timesheets.git/:
Received HTTP code 407 from proxy after Connect
I was able to do this just fine before upgrading, and even when I tried to revert back to the last version that I think I had, I still get the error. When I run git config -l, it lists out the following variables (among others):
user.name=MyName
user.email=My#email.com
http.proxy=http://user:password#server:port
core.autocrlf=true
https.proxy=http://user:password#server:port
http.sslcainfo=/bin/curl-ca-bundle.crt
What's odd is that I seem to be able to use the Git Bash client to curl just fine
curl finance.yahoo.com --proxy http://user:password#server:port
and can even curl into a dummy https site I set up on my computer:
curl https://localhost:3000 --insecure
Any ideas what I'm missing? Thanks
EDIT:
I could be wrong, but I think there might be an issue with curl in version 1.8.3. I uninstalled all git related applications I could think of on my computer, and installed Git-1.8.0-preview20121022, ran a pull on a repo and was successful.
For giggles, I uninstalled the working version, and kept the cert file; then reinstalled version 1.8.3 to see if this didn't have anything to do with it, but I got the same error I was originally trying to resolve.
Also, after re-installing version 1.8.0, I tried to curl an https website (gmail), with the following command: curl https://www.gmail.com --proxy http://user:pass#server:port, which was successful. When I did this under 1.8.3, I got an error about code 407. The version switch seems like it solved this.
I had the same issue resolved it by using two proxy filters:
"--proxy or -x" and "--proxy-user".
curl -x http://proxyserverurl:port --proxy-user username:password -L http://url
Though what you have tried is also not wrong but might not be compatible with your curl version.
Hope this helps!
I had the same issue. Exporting the environment variables https_proxy and http_proxy resolved the issue. So I ended up adding the following lines to the .bashrc file in the home directory:
# Configure proxy settings
export https_proxy='http://myproxy.example.com:8086/'
export http_proxy='http://myproxy.example.com:8086/'

curl: (7) error when i try installing Homebrew on iMac

Setup iMac OSX 10.7.4,
Hi there,
I am trying to install Homebrew on my iMac but I keep getting an error. I am following the instructions on https://github.com/mxcl/homebrew/wiki/installation
I have Xcode installed and the Java Developer update which it specifies on the website.
I open Terminal and paste
/usr/bin/ruby -e "$(/usr/bin/curl -fsSL https://raw.github.com/mxcl/homebrew/master/Library/Contributions/install_homebrew.rb)"
But I keep getting the error
curl: (7) couldn't connect to host
Has anyone any suggestions?
EDIT:
Just to add I am on a college network incase its relevant
EDIT: I have also reinstalled Curl
For my specific case, I use SOCKS proxy for all traffic. So my installation command is:
ruby -e "$(curl -fsSL --socks5 127.0.0.1:30000 https://raw.github.com/mxcl/homebrew/go)"
where 127.0.0.1:30000 is the SOCKS proxy.
Something is blocking your connection to github. Try accessing the url https://raw.github.com/mxcl/homebrew/master/Library/Contributions/install_homebrew.rb in your browser.
My issue was Curl not being configured to bypass my proxy.
One of they guys here in the office sorted it out for me. From what I understand the settings on curl had to be changed and not the proxy.
Hopefully this will help others in future.
I too had same problem.
The recipe for proxies should add --noproxy after curl statement
ruby -e "$(curl --noproxy -fsSL https://raw.github.com/mxcl/homebrew/master/Library/Contributions/install_homebrew.rb)"
I also ran into this error and in my instance it was because my firewall was blocking or preventing outbound connections to Japan where it was trying to pull down the ruby version. Once the firewall rule was adjusted to allow the connections to that country everything worked fine.

Resources