Develop Reference

opam init failure upon attempted OCaml installation on MacOS 10.14.16

I am attempting to install OCaml via the OCaml opam package manager on MacOs. I have successfully installed opam via homebrew. Initiating the package manager with opam init yields the following error:
[ERROR] Could not update repository "default":
OpamDownload.Download_fail(_, "Curl failed: \"/usr/bin/curl
--write-out %{http_code}\\\\n --retry 3 --retry-delay 2
--user-agent opam/2.1.0 -L -o
/private/var/folders/c_/6splkz692w16x82lzgnsxgfr0000gn/T/opam-57814-6b2069/index.tar.gz.part
-- https://opam.ocaml.org/index.tar.gz\" exited with code 60")
[ERROR] Initial download of repository failed.
What can I do to facilitate successful connection to the repository and initialise opam?

This error message indicates that curl is unable to establish the authenticity of the peer, i.e., https://opam.ocaml.org
This could happen because the certificates on either side are outdated. We can easily check if opam.ocaml.org is up-to-date, using one of the available online SSL checkers, e.g., this one says that they are OK. So it looks like that the problem is on your side.
First of all, you should try using your operating system upgrading options to get everything up-to-date.
If it is not an option, then you can use the --insecure option that you can pass using the OPAMFETCH environment variables. Or you can download the corresponding certificates and store a path to them in the ~/.curlrc, look here for more information.

I had the same problem and solved it by first running brew install wget and then opam init, which suddenly worked.

I ran into the same issue and I found a workaround on the OCaml forum: here. (Credits to UnixJunkie)
You can run:
opam init github git+https://github.com/ocaml/opam-repository.git
This should avoid the certificate issues.
I tried to use ivg's solution but must have made a mistake in moving the .pem files, so I couldn't get that solution to work. The workaround was quick.
Update
The reason opam init failed for me was because curl was installed with snap on my system.
Try to run opam init -verbose and that could reveal more about why you ran into an error.
In my case I needed to install other things with opam and it kept failing every time. So snap uninstall curl and then sudo apt install curl fixed things. (Was only able to figure this out with help from my professor)

Install curl first.
On MacOS: brew install curl
On Debian/Ubuntu Linux (and derivations): sudo apt-get install curl

How does wget on macOS handle certificates?

OS: macOS Big Sur
Applications: wget/openssl1.1 both via brew
I want to download some files from a webserver with wget via https, but I get the error message: Unable to locally verify the issuer's authority. However, I can connect to this server with curl which comes with macOS. Of course I could use --no-check-certificate, but I'd like to understand the background and do it the proper way.
As I understand it curl uses macOS' libressl and wget uses openssl as backend. For wget I've tried to export all system root certificates as a pem file from keychain and passed this pem file via --ca-certificate to wget. Still the same error.
Why can curl verify the certificate without doing anything while wget can not?
╰─$ brew info openssl
openssl#1.1: stable 1.1.1i (bottled) [keg-only]
Cryptography and SSL/TLS Toolkit
https://openssl.org/
/usr/local/Cellar/openssl#1.1/1.1.1i (8,067 files, 18.5MB)
Poured from bottle on 2021-01-28 at 07:11:37
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/openssl#1.1.rb
License: OpenSSL
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
/usr/local/etc/openssl#1.1/certs
and run
/usr/local/opt/openssl#1.1/bin/c_rehash
openssl#1.1 is keg-only, which means it was not symlinked into /usr/local,
because macOS provides LibreSSL.
Edit: This is what I've tried so far:
download via system curl -> no problem
installed (and reinstalled) curl and wget via brew (openssl as dependency) -> both can not verify the certificate, although it is a normal root CA certificate and OpenSSL via brew claims to export all these certificates to its own storage.
system curl with verbose option says it uses /etc/ssl/cert.pem for lookup, so I've tried to pass this file via --cacert resp. --ca-certificate to curl/wget -> same error.
I also tried to export the root CA explicitly in pem format and pass it on, still not working
Download the site's certificate manually via openssl: openssl s_client -showcerts -servername domain -connect domain, save the certificate as .pem and use it with wget -> works
I also checked that the certificate key for the root ca 'Digicert Global Root CA' is present in both /etc/ssl/cert.pem as well as in openssl's /usr/local/etc/openssl#1.1/cert.pem
I still don't understand why it won't work when OpenSSL via brew is supposed to export all the Root CAs to its own storage during install.

There is not enough information in your post to nail down the exact issue, but here are some suggestions that may help you forward:
Download the server's certificate bundle and locally analyse its verification using the openssl verify command.
Leverage the openssl s_client command to set up a TLS connection to the server directly and inspect the logged information, or dig deeper using its debug option(s). It has an undocumented debug option -security_debug_verbose that may help. If your OpenSSL is built with the the enable-ssl-trace option (which is not the case for the brew formula), you could use the -trace option for more output.
Run curl with -v or some --trace flags to get more insight in its verification behavior.
You could do all of this with both the OpenSSL and LibreSSL versions of openssl and curl and observe the differences. The openssl version of curl can be installed with brew.
You could also use another (non-OpenSSL) client to set up a connection and see if it fails with more information. For example gnutls-cli, which you can install via brew install gnutls, provides quite a bit of debug information.

Mac - Can't Install HomeBrew because Curl is Missing

I tried to install homebrew onto my mac, but I couldn't because curl wasn't found. I typed:
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
This returned this error:
-bash: curl: command not found
So, I tried to install curl but apparently to install curl, I need to use curl? This is what I found:
Run in Terminal app:
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" <
/dev/null 2> /dev/null
Run:
brew install curl
Done! You can now use curl.
However, this uses curl to install curl, so it gives the same error message: -bash: curl: command not found
TL;DR, how do I install curl on mac without using curl

I solved the problem!
To use bash on mac:
Go to terminal ––> preferences
Click on Shells open with: and set it to Command (complete path)
Enter one of the following:
/bin/bash
/bin/csh
/bin/zsh
/bin/zsh-4.0.4 (Mac OS X 10.2.8 or earlier)
/bin/zsh-4.1.1 (Mac OS X 10.3 or later)
/bin/ksh (Mac OS X 10.4 or later)
/bin/ksh worked for me
Source

I thought I broke my curl symlink somehow too, and somewhere in there I ran into your same issue, where no command would work. Somewhere in this mess, I fixed it.
https://brew.sh/
The main website requires you to install wget, maybe it gets deleted when you uninstall homebrew.
Regardless I found a way to install it using Ubuntu commands.
https://xmrig.com/docs/miner/build/ubuntu
but ran into an issue where I had to download cmake from the developer website and add it to the path in it's menu options on Mac OS X 10.11 to compile and run my program as ./program instead of program, then I installed macports(opened a new terminal window), and installed hwloc with macports, to no avail, just getting totally different errors.
I've also tried to add curl as an alias of curl into the bash profile and it recognized the error after I used this;
https://github.com/Homebrew/homebrew-core/issues/5084
However, I forgot I have an identical computer that is working just fine, but when I run "which curl", in the working computer, I get /usr/bin/curl, instead of /usr/local/bin/curl, so I ran
export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/bin/curl"
I'm still getting the error, so I used vim, to sudo edit the /etc/paths file by using
sudo vim /etc/paths
i for edit
esc to exit edit mode
:x to save
Restart Terminal
Still getting a 403 SNI Error cannot download Python 3.9
rm -rf /opt/local/bin/curl
rm -rf /usr/local/bin/curl
which curl finally returns the correct path, /usr/bin/curl
exit
Restart Terminal
Still same error so I removed /usr/bin/curl from /etc/paths, and export file. Also deleted the bash profile, as the working computer doesn't return one, and...still the same error, so I conclude that "curl is not in path" should be ignored.
I did get brew doctor to return with no errors.
brew upgrade curl
curl not installed
brew install curl
403 Error SNI is required.
brew upgrade openssl
openssl 1.1.1j already installed

In my case, I made a mistake while editing my $PATH.
I would recommend looking at all your ~/.bash_profile and ~/.zshrc.
Remove ALL code related to $PATH. Carefully add things back in.

How do I enable curl SSL on Mac OS X?

I'm using Terminal on Mac OS X 10.11.2 and I can't process any https requests. I always get this error:
curl: (1) Protocol "https" not supported or disabled in libcurl
I tried this but I get a "wrong directory" error:
./configure --with-ssl=/usr/local/ssl
Any advice would be helpful.
EDIT:
This is the error I get when trying to install with ssl:
configure: error: OpenSSL libs and/or directories were not found where specified!
SOLUTION:
For Mac OS X 10.6 or later use this to enable SSL:
./configure --with-darwinssl

The Homebrew team has recently removed all install options for the cURL formula, which means you will not be able to do brew install curl --with-openssl now. Instead, do brew install curl-openssl. Make sure to uninstall the old one with brew uninstall curl first.

Following steps helped fix the issue:
(Note: libcurl will be rebuilt though)
# First simply remove curl and try reinstall with openssl:
brew rm curl && brew install curl --with-openssl # Rerun
If doesn't fix, download and rebuild libcurl with following steps, which helped me fix the issue
# Download curl from : https://curl.haxx.se/download.html
wget https://curl.haxx.se/download/curl-7.58.0.zip # or, wget https://curl.haxx.se/download/curl-*.*.*
unzip curl-7.58.0.zip # or, unzip curl-*.*.*
./configure --with-darwinssl # However for Linux(ubuntu): ./configure --with-ssl
make
sudo make install # Rerun the program

SOLUTION:
For Mac OS X 10.6 or later use this to enable SSL:
./configure --with-darwinssl

Solved it by replacing standard curl with one with nghttp2 support (require brew)
brew install curl --with-nghttp2
brew link curl --force
include --http2 when doing request
example:
curl --http2 https://www.example.com
or:
curl --header 'Access-Token: o.bFbpTuazstlUZXsnyTWTaJq0biZ' \
--http2 https://www.example.com/
Ref:
https://daniel.haxx.se/blog/2016/08/01/curl-and-h2-on-mac/
https://simonecarletti.com/blog/2016/01/http2-curl-macosx/

I made one rookie mistake by adding the URL within quotation marks (curl -v -k "https://URL.com"). After putting the link within apostrophes (curl -v -k 'https://URL.com') curl was accepting the https URL.

For anyone that stumbles upon this in 2021 and later using Xcode 12+ attempting to build their project via commandline and doesn't want to rely on 'brew' or other package managers...
I was hitting the ./configure: No such file or directory issue after getting the curl source from github.
The source from github is missing the configure exec. that you need to generate your makefiles
Apple provides the curl source along with required MacOS/iOS build settings in their Open Source Browser:
https://opensource.apple.com/source/curl/
https://opensource.apple.com/release/macos-112.html
Download & unpack the source
Set your env variables - Apple Platforms (macOS, iOS, tvOS, watchOS, and their simulator counterparts)
export ARCH=arm64
export SDK=iphoneos
export DEPLOYMENT_TARGET=11.0
export CFLAGS="-arch $ARCH -isysroot $(xcrun -sdk $SDK --show-sdk-path) -m$SDK-version-min=$DEPLOYMENT_TARGET"
cd to the /curl directory
run: ./configure --with-darwinssl
My use case is building an iOS app on a hosted macOS build agent in Azure DevOps

curl "no start line" LibreSSL errors after update to OSX High Sierra

I am trying to connect to a server using curl; this server requires a .p12 certificate file and a passphrase. This has not been a problem in the few weeks I have been running my program. However, after my update to High Sierra, I now get LibreSSL errors. My colleagues running Windows 7 and 10 don't have this issue, either:
In Terminal:
$ curl -k https://server_metadata_link --cert certificate.p12 --pass “password”
curl: (58) could not load PEM client certificate, LibreSSL error error:0906D06C:PEM routines:PEM_read_bio:no start line, (no key found, wrong pass phrase, or wrong file format?)
In R:
> set_config(config(ssl_verifyhost = 0L, ssl_verifypeer = 0L))
> set_config(config(sslcert = certificate.p12, keypasswd = password))
> GET("https://server_metadata_link")
Error in curl::curl_fetch_memory(url, handle = handle) : could not load PEM client certificate, LibreSSL error error:0906D06C:PEM routines:PEM_read_bio:no start line, (no key found, wrong pass phrase, or wrong file format?)
I would prefer not to backtrack to Sierra, as I have a colleague with a new Mac who is stuck in High Sierra. I don't think there is an error with the certificates, as like I said, this worked fine before the upgrade to High Sierra. After researching this issue, I think it may have something to do with Mac's move from OpenSSL to LibreSSL in High Sierra. I don't know what effect that might have on the back end, but it could explain why only my colleague and I have the error, while another colleague with Sierra does not.
Another issue may be that my version of curl is 7.54.0 (as is my colleague's with High Sierra), while the latest is 7.58.0. I don't know if this could also be causing a problem, but as a separate issue I'm not sure how to force my Mac to use the most recent version of curl; since it's included in the Mac, Homebrew won't let me install the latest version.
The only other note I have is that if I change the R config from "sslcert = certificate.p12" to "sslkey = certificate.p12" or the Terminal command from "--cert certificate.p12" to "--key certificate.p12" I get a normal 403 error saying I couldn't connect to the server.
Any help would be appreciated, and please let me know if there is any other information I should provide. Thanks in advance.

Homebrew will let you install the latest version of homebrew, but it is keg-only since OSX provides an older version of curl:
$ brew install curl
==> Downloading https://homebrew.bintray.com/bottles/curl-7.58.0.high_sierra.bottle.tar.gz
Already downloaded: /Users/kyle.varga/Library/Caches/Homebrew/curl-7.58.0.high_sierra.bottle.tar.gz
==> Pouring curl-7.58.0.high_sierra.bottle.tar.gz
==> Caveats
This formula is keg-only, which means it was not symlinked into /usr/local,
because macOS already provides this software and installing another version in
parallel can cause all kinds of trouble.
If you need to have this software first in your PATH run:
echo 'export PATH="/usr/local/opt/curl/bin:$PATH"' >> ~/.zshrc
You need to run the export command for it to run. After updating $PATH, you should get
$ which -a curl
/usr/local/opt/curl/bin/curl
/usr/bin/curl
After doing this, when running curl with a p12 file, it asks for me to unlock OSX keychain and resolves the could not load PEM client certificate error.