In High Sierra, curl has switched from linking against SecureTransport, to use LibreSSL. However with this change, it seems that curl no longer recognises trusted certificates stored in the keychain.
# note that safari does not trust the site (expected)
$ open -a Safari https://self-signed.badssl.com/
# note that curl does not trust the site (expected)
$ curl https://self-signed.badssl.com
curl: (60) SSL certificate problem: self signed certificate
# trust the self-signed certificate by adding it to the keychain
$ openssl s_client -servername self-signed.badssl.com -connect self-signed.badssl.com:443 </dev/null 2>/dev/null | openssl x509 > self-signed.badssl.com.crt
$ security add-trusted-cert -p ssl -k ~/Library/Keychains/login.keychain-db self-signed.badssl.com.crt
# note that Safari DOES now trust the site (expected)
$ open -a Safari https://self-signed.badssl.com/
# note that curl DOES NOT trust the site (not expected)
$ curl https://self-signed.badssl.com
curl: (60) SSL certificate problem: self signed certificate
This worked for me: https://apple.stackexchange.com/questions/228865/how-to-install-an-homebrew-package-behind-a-proxy