If your Linux distribution is so out of date that you can no longer install updated patches, you'll typically need to either reach for an unsupported package or install the software via source. Additionally, I didn't want to interfere with installed software in fear of rendering the system unusable.
You're going to be installing stuff that requires root access, so it's easier to just be able to do it when you want without having to worry about using sudo and permissions. Be careful you don't delete anything you can't recover
$ sudo su -
# mkdir -p /usr/local/src && cd /usr/local/src
Grab packages via cURL if possible (if the system version is too out of date, this may fail). If not, just download to your local machine and SCP up to your target host.
# curl https://www.openssl.org/source/openssl-1.1.0c.tar.gz -o openssl-1.1.0c.tar.gz
# curl https://curl.haxx.se/download/curl-7.52.1.tar.gz -o curl-7.52.1.tar.gz
# tar xzf openssl-1.1.0c.tar.gz
# tar xzf curl-7.52.1.tar.gz
Configure the path so as to not interfere with the currently installed OpenSSL package:
# cd /usr/local/src/openssl-1.1.0c
# ./config --prefix=/usr/local/openssl-1.1.0c --openssldir=/usr/local/openssl-1.1.0c
# make && make install
Once installed, ensure that the shared library it builds is available via ldconfig by adding it to the configuration search path:
# echo /usr/local/openssl-1.1.0c/lib >> /etc/ld.so.conf.d/ssl.conf
Run ldconfig to update the cache:
# ldconfig
You can verify what shared libraries are available by using the -p flag:
# ldconfig -p | grep ssl
libssl.so.1.1 (libc6,x86-64) => /usr/local/openssl-1.1.0c/lib/libssl.so.1.1
libssl.so.1.0.0 (libc6,x86-64) => /lib/x86_64-linux-gnu/libssl.so.1.0.0
libssl.so.1.0.0 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
libssl.so (libc6,x86-64) => /usr/local/openssl-1.1.0c/lib/libssl.so
libssl.so (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libssl.so
libgnutls-openssl.so.26 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libgnutls-openssl.so.26
libgnutls-openssl.so (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libgnutls-openssl.so
libcrypto.so.1.1 (libc6,x86-64) => /usr/local/openssl-1.1.0c/lib/libcrypto.so.1.1
libcrypto.so (libc6,x86-64) => /usr/local/openssl-1.1.0c/lib/libcrypto.so
Again, this should be installed so as not to interfere with the existing cURL:
# cd /usr/local/src/curl-7.52.1
# ./configure --prefix=/usr/local/curl/7.52.1 --with-ssl=/usr/local/openssl-1.1.0.c
# make && make install
In addition to installing an updated binary, this will install the shared libcurl library in /usr/local/curl/7.52.1/lib. Additionally, it will install the curl-config binary that is used by curb to determine the correct build flags when installing the C extension.
The Curb gem provides cURL bindings for Ruby that we will use instead of the native standard library support for SSL. Looking at the contents of the included extconf.rb file, we can see that the curl-config program is used to figure out the build flags:
if find_executable('curl-config')
$CFLAGS << " #{`curl-config --cflags`.strip} -g"
if ENV['STATIC_BUILD']
$LIBS << " #{`curl-config --static-libs`.strip}"
else
$LIBS << " #{`curl-config --libs`.strip}"
end
...
endSince there are multiple versions of cURL and libcurl on our system, we need to ensure that the correct version is used. To do this, I:
- Alter the
PATHenvironment variable to ensure that our newly-installedcurl-configprogram is found first - Provide the
STATIC_BUILDenvironment variable to statically link curb against the new libcurl library
If not built statically, Curb will load libcurl dynamically at runtime and will use the old libcurl version (that we're trying to replace).
$ PATH=/usr/local/curl/7.52.1/bin:/usr/bin:/bin STATIC_BUILD=1 /usr/local/bin/gem install curb \
-v 0.9.3 \
--install-dir=/path/to/gem/installation/directory