Search code examples
linuxamazon-web-servicescurlpaypalamazon-ami

how to update curl on AWS RHEL 6.4 AMI on a t1.micro instance

I have t1.micro instance created using AWS AMI. Here is the version details

lsb_release -a
LSB Version:    :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID: RedHatEnterpriseServer
Description:    Red Hat Enterprise Linux Server release 6.7 (Santiago)
Release:        6.7
Codename:       Santiago

The server is fully functional and working fine. However, its not sending TLs1.2 connection to other servers when connected using Curl.

Here is the test script

$php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch)); var_dump(curl_error($ch));'

Output:

bool(false)
string(17) "SSL connect error"

The test works fine when I do it using python as follow $python -c "import urllib2; print(urllib2.urlopen('https://tlstest.paypal.com/').read())"

Output: PayPal_Connection_OK

The software versions are as follow

curl-7.19.7-46.el6.x86_64
libcurl-7.19.7-46.el6.x86_64
OpenSSL 1.0.1e-fips 11 Feb 2013
NSS/3.18 Basic ECC
PHP Version 5.3.3

I suspect its unable to use TLS1.2 on Curl request due to older version of Curl.

I tried updating it through yum update

sudo yum install curl libcurl
Loaded plugins: amazon-id, rhui-lb, security
Setting up Install Process
rhui-REGION-client-config-server-6 | 2.9 kB 00:00
rhui-REGION-rhel-server-releases | 3.7 kB 00:00
rhui-REGION-rhel-server-rh-common | 3.8 kB 00:00
Package curl-7.19.7-46.el6.x86_64 already installed and latest version
Package libcurl-7.19.7-46.el6.x86_64 already installed and latest version
Nothing to do

but its stating its upto date and there is nothing to update.

I am wondering why yum is not updating Curl to the latest version? Appreciate any pointers.

Thanks, awsway

Solution

  • got answer from this link https://www.digitalocean.com/community/questions/how-to-upgrade-curl-in-centos6

    worked for me.

    add a new text file called /etc/yum.repos.d/city-fan.repo containing

    [CityFan]
name=City Fan Repo
baseurl=http://nervion.us.es/city-fan/yum-repo/rhel$releasever/$basearch/
enabled=1
gpgcheck=0

    Either way, you should then be good to go :

    yum install libcurl should update cURL to a (very) recent openSSL-based version (7.46.0 at the time of writing), which will resolve the "unknown protocol" errors for TLSv1 etc.

    You may want to then remove/rename the city-fan.repo file if you want to prevent yum later also updating other packages you may have installed with "non-official" later versions.