Using Curl to get a Https webpage in Windows 7 - windows

I just need to fetch an https page, and I'm using curl currently by having the curl.exe application in my Path and calling it with a Perl file. However, then I get the error "* Protocol https not supported or disabled in libcurl". I've been looking around and I can't find a solid set of instructions to get it to work. I have installed cygwin, and OpenSSL-Win32 but something tells me I'm going to have to compile curl from scratch. I have no experience with this. How do you do it?

I found the below steps worked well
Download and unzip 64-bit cURL with SSL.
Download the latest bundle of Certficate Authority Public Keys from mozilla.org.
Rename this file from cacert.pem to curl-ca-bundle.crt
Make sure both of them are in the PATH environment.
Test
curl -L https://www.google.com
UPDATE
If you are open to try other tools, I think httpie is also a good alternative.

curl --insecure
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

Related

curl hangs while uploading on Windows

I am using curl on mac and other windows machines to upload my artifacts to HockeyApp service. On one of my machines that runs windows , "curl" constantly "hangs/freezes" during upload.
Here is the command :
curl -F notify=0 -F status=2 -F ipa=#app/build/outputs/apk/app-production-release-2.4.2-SNAPSHOTv42.apk -F dsym=#app/build/outputs/mapping/production/release/mapping.txt -H X-HockeyAppToken:[MY_TOKEN_HERE]https://rink.hockeyapp.net/api/2/apps/[MY_APP_REFERENCE]/app_versions/upload
On windows there is no curl by default , so I use the one installed with this git distribution. I just add the path to curl to path environmental variable. This approach works well on 2 other windows machines. In fact when I open git-bash , the curl command also executes fine. But any attempt to run it from cmd.exe leads to "hanging/freezing".
Any idea on how can I troubleshoot/debug it ?
EDIT :
I have already tried other curl distributions for windows , same result...
I've been struggling with the same issue of curl as well when trying to deploy my app from VSTS to Hockeyapp. in the end I've chosen for not using curl but just using plain powershell on Windows. it's a bit more complicated but it works the same way.
I've uploaded this script to GitHub and can be found there:
https://github.com/Geertvdc/UWPHockeyAppDeployScripts/blob/master/UploadUWPToHockeyApp.ps1
so instead of curl I use Invoke-RestMethod from powershell to do the same call to Hockeyapp.
Try to upgrade your curl to the latest version
where curl
find out where current path of curl, using cywin cli
https://curl.haxx.se/windows/
Come here to find version you want update, download and give it a try.
Reason for this freezing is base on Windows config. I have laptop that need to ghost new installation of Windows 10. Before ghost, curl run well. After ghost, sometime it freezing.
I updated and it runs well now.
Also notice that when run
curl -s
curl will run in silent mode, that never hang out

How to fix curl: (60) SSL certificate: Invalid certificate chain

I get the following error running curl https://npmjs.org/install.sh | sh on Mac OSX 10.9 (Mavericks):
install npm#latest
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
How do I fix this?
First off, you should be wary of urls that throw SSL errors. That being said, you can suppress certificate errors in curl with
curl -k https://insecure.url/content-i-really-really-trust
Using the Safari browser (not Chrome, Firefox or Opera) on Mac OS X 10.9 (Mavericks) visit https://registry.npmjs.org
Click the Show certificate button and then check the checkbox labelled Always trust. Then click Continue and enter your password if required.
Curl should now work with that URL correctly.
NOTE: This answer obviously defeats the purpose of SSL and should be used sparingly as a last resort.
For those having issues with scripts that download scripts that download scripts and want a quick fix, create a file called ~/.curlrc
With the contents
--insecure
This will cause curl to ignore SSL certificate problems by default.
Make sure you delete the file when done.
UPDATE
12 days later I got notified of an upvote on this answer, which made me go "Hmmm, did I follow my own advice remember to delete that .curlrc?", and discovered I hadn't. So that really underscores how easy it is to leave your curl insecure by following this method.
The problem is an expired intermediate certificate that is no longer used and must be deleted. Here is a blog post from Digicert explaining the issue and how to resolve it.
https://blog.digicert.com/expired-intermediate-certificate/
I was seeing the issue with Github not loading via SSL in both Safari and the command line with git pull. Once I deleted the old expired cert everything was fine.
After updating to OS X 10.9.2, I started having invalid SSL certificate issues with Homebrew, Textmate, RVM, and Github.
When I initiate a brew update, I was getting the following error:
fatal: unable to access 'https://github.com/Homebrew/homebrew/': SSL certificate problem: Invalid certificate chain
Error: Failure while executing: git pull -q origin refs/heads/master:refs/remotes/origin/master
I was able to alleviate some of the issue by just disabling the SSL verification in Git. From the console (a.k.a. shell or terminal):
git config --global http.sslVerify false
I am leary to recommend this because it defeats the purpose of SSL, but it is the only advice I've found that works in a pinch.
I tried rvm osx-ssl-certs update all which stated Already are up to date.
In Safari, I visited https://github.com and attempted to set the certificate manually, but Safari did not present the options to trust the certificate.
Ultimately, I had to Reset Safari (Safari->Reset Safari... menu). Then afterward visit github.com and select the certificate, and "Always trust" This feels wrong and deletes the history and stored passwords, but it resolved my SSL verification issues. A bittersweet victory.
On MacOS High Sierra/10.13:
~$brew install curl ca-certificates
works like a charm for me.
Another cause of this can be duplicate keys in your KeyChain. I've seen this problem on two macs where there were duplicate "DigiCert High Assurance EV Root CA". One was in the login keychain, the other in the system one. Removing the certificate from the login keychain solved the problem.
This affected Safari browser as well as git on the command line.
Let's say you try to download something using curl or install hub
using brew, then, you get an error like:
==> Downloading https://ghcr.io/v2/linuxbrew/core/ncurses/manifests/6.2
curl: (60) SSL certificate problem: unable to get local issuer certificate
Then, let ghcr.io being the server, execute following commands:
cd ~
# Download the cert:
openssl s_client -showcerts -servername ghcr.io -connect ghcr.io:443 > cacert.pem
# type "quit", followed by the "ENTER" key / or Ctrl+C
# see the data in the certificate:
openssl x509 -inform PEM -in cacert.pem -text -out certdata-ghcr.io.txt
# move the file to certificate store directory:
sudo mv cacert.pem /usr/local/share/ca-certificates/cacert-ghcr.io.crt
# update certificates
sudo update-ca-certificates
# done !
References
SSL Certificate Verification
Snippet
After attempting all of the above solutions to eliminate the "curl: (60) SSL certificate problem: unable to get local issuer certificate" error, the solution that finally worked for me on OSX 10.9 was:
Locate the curl certificate PEM file location
'curl-config --ca' -- > /usr/local/etc/openssl/cert.pem
Use the folder location to identify the PEM file
'cd /usr/local/etc/openssl'
Create a backup of the cert.pem file
'cp cert.pem cert_pem.bkup'
Download the updated Certificate file from the curl website
'sudo wget http://curl.haxx.se/ca/cacert.pem'
Copy the downloaded PEM file to replace the old PEM file
'cp cacert.pem cert.pem'
This is a modified version of a solution posted to correct the same issue in Ubuntu found here:
https://serverfault.com/questions/151157/ubuntu-10-04-curl-how-do-i-fix-update-the-ca-bundle
I started seeing this error after installing the latest command-line tools update (6.1) on Yosemite (10.10.1). In this particular case, a reboot of the system fixed the error (I had not rebooted since the update).
Mentioning this in case anyone with the same problem comes across this page, like I did.
In some systems like your office system, there is sometimes a firewall/security client that is installed for security purpose. Try uninstalling that and then run the command again, it should start the download.
My system had Netskope Client installed and was blocking the ssl communication.
Search in finder -> uninstall netskope, run it, and try installing homebrew:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
PS: consider installing the security client.
If you are behind a corporate firewall like Palo Alto it will intercept all TLS/SSL traffic, inspect it and re-encrypt it using its own using self-signed certificates. Although these certificates will typically be available on your workstation, the various programs like npm, Git, curl, etc. will not inherit them from the workstation.
If you are working in an enterprise do not use the -k or --insecure option because this turns of the TLS/SSL encryption completely and opens up you and your organization to compromise
The solution is to add this self signed certificate to the specific certificate chain that is used by the program you are trying to use. I have included a link to Adrian Escutia Soto's answer which is the best way of addressing this. Unfortunately, I cannot comment or upvote on it because I don't have enough reputation points

Why is 'curl' not recognized when running in Windows?

I am trying to run a Curl command wrapped inside Ruby code as below:
f=IO.popen("C:\Windows\System32\curl.exe -H 'Authorization: Bearer #{token}' -s -v -D - http://api.pageuppeople.com/v1/NAS/Config/LanguageDictionary/Overrides --debug 2>NUL").readlines
However, the output I get is:
'curl' is not recognized as an internal or external command, operable program or batch file
I am running on Windows 7.
I also have "C:\Windows\System32" set in the environment path.
Please help.
curl is not a component of Windows. Unless you have specifically installed it, it won't exist on the system.
I am not a Ruby expert, but I suspect that you should really be using the Net::HTTP Ruby library here, or something similar to it. Even on a system where curl is installed, launching it is not a sensible way of running an HTTP request.
Curl does not come with Windows, but it has been ported to Windows.
You can download it here:
http://sourceforge.net/projects/gnuwin32/file
I know nothing about Ruby, but I do know you shuld be using a native libary for your HTTP needs.
CURL is not a Windows component. Download curl.exe and keep it in your path.
Alternatively download curl.exe and invoke the command from the same folder.
Windows 10 now provides C:\Windows\System32\curl.exe but I still see that error message when I try to call it from a service (Jenkins user in my case).
I'll post an update when I find out something more (e.g. which user rights are necessary).
I've installed curl now with chocolatey. See https://chocolatey.org/packages/curl.

Git Bash on windows 7 behind proxy no longer working

I'm on a windows 7, 32 bit box, and working behind a proxy. I just upgraded my git client (Git Bash) to Git-1.8.3-preview20130601, and all of the sudden, I'm getting the following error whenever I try to push/pull:
fatal: unable to access 'https://github.com/User/simple_timesheets.git/:
Received HTTP code 407 from proxy after Connect
I was able to do this just fine before upgrading, and even when I tried to revert back to the last version that I think I had, I still get the error. When I run git config -l, it lists out the following variables (among others):
user.name=MyName
user.email=My#email.com
http.proxy=http://user:password#server:port
core.autocrlf=true
https.proxy=http://user:password#server:port
http.sslcainfo=/bin/curl-ca-bundle.crt
What's odd is that I seem to be able to use the Git Bash client to curl just fine
curl finance.yahoo.com --proxy http://user:password#server:port
and can even curl into a dummy https site I set up on my computer:
curl https://localhost:3000 --insecure
Any ideas what I'm missing? Thanks
EDIT:
I could be wrong, but I think there might be an issue with curl in version 1.8.3. I uninstalled all git related applications I could think of on my computer, and installed Git-1.8.0-preview20121022, ran a pull on a repo and was successful.
For giggles, I uninstalled the working version, and kept the cert file; then reinstalled version 1.8.3 to see if this didn't have anything to do with it, but I got the same error I was originally trying to resolve.
Also, after re-installing version 1.8.0, I tried to curl an https website (gmail), with the following command: curl https://www.gmail.com --proxy http://user:pass#server:port, which was successful. When I did this under 1.8.3, I got an error about code 407. The version switch seems like it solved this.
I had the same issue resolved it by using two proxy filters:
"--proxy or -x" and "--proxy-user".
curl -x http://proxyserverurl:port --proxy-user username:password -L http://url
Though what you have tried is also not wrong but might not be compatible with your curl version.
Hope this helps!
I had the same issue. Exporting the environment variables https_proxy and http_proxy resolved the issue. So I ended up adding the following lines to the .bashrc file in the home directory:
# Configure proxy settings
export https_proxy='http://myproxy.example.com:8086/'
export http_proxy='http://myproxy.example.com:8086/'

Curl command not loading contents in windows 7

I have installed Cygwin & curl(through cygwin installer) on my Windows7 32bit. Then opened cygwin terminal and typed curl --help. Everything works fine with curl showing its command arguments list.
But curl http://www.google.com or any other url takes more time and results
"curl: (52) Empty reply from server
". What is the problem?
Update:Iam behind a proxy server. Any pblm with that?
If your proxy server is the only way to get out at the web, then yes, that's the problem. Curl couldn't care less about what OS you're running under, so won't get for OS-specific proxy settings (ie: Internet Explorer options), so it'll try to do a direct connection. Try adding the --proxy option (curl --help will give the format).

Resources