1

When trying to install something with Homebrew, I was facing numerous messages from curl and certificate problems.

I thought something was wrong with the cert.pem files, but in fact, nothing is.

`brew install ffmpeg` downloads a lot of packages, which went well, and then needs glib's package:

```
curl https://download.gnome.org/sources/glib/2.66/glib-2.66.1.tar.xz
curl: (77) SSL: can't load CA certificate file cacert.pem
```

In case the error was due to an environment variable problem, I tried:

```
curl --cacert ./cacert.pem https://download.gnome.org/sources/glib/2.66/glib-2.66.1.tar.xz
curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect
```

I wanted to verify whether wget had the same problem. But wget seems to "fail" with gnome.org and switch automatically to rpmfind.net:

```
wget https://download.gnome.org/sources/glib/2.66/glib-2.66.1.tar.xz
https://download.gnome.org/sources/glib/2.66/glib-2.66.1.tar.xz
Résolution de download.gnome.org (download.gnome.org)… 8.43.85.29, 8.43.85.13, 8.43.85.14, ...
Connexion à download.gnome.org (download.gnome.org) 8.43.85.29 :443… connecté.
requête HTTP transmise, en attente de la réponse… 302 Found
Emplacement : http://ftp.rpmfind.net/linux/gnome.org/sources/glib/2.66/glib-2.66.1.tar.xz [suivant]
http://ftp.rpmfind.net/linux/gnome.org/sources/glib/2.66/glib-2.66.1.tar.xz
Résolution de ftp.rpmfind.net (ftp.rpmfind.net)… 195.220.108.108
Connexion à ftp.rpmfind.net (ftp.rpmfind.net) 195.220.108.108 :80… connecté.
requête HTTP transmise, en attente de la réponse… 200 OK
Taille : 4834784 (4,6M) application/x-xz
Sauvegarde en: glib-2.66.1.tar.xz
```

Then I checked with curl and rpmfind.net, and it went well:

```
curl --cacert ./cacert.pem https://fr2.rpmfind.net/linux/gnome.org/sources/glib/2.66/glib-2.66.1.tar.xz
```

The Safari browser is not able to go to https://download.gnome.org/sources/ either.
So it's not possible to do as suggested in some posts: add the gnome.org certificate to the Mac OS X keychain.

Why does curl give an error about the SSL/CA certificate?

I saw a lot of threads about Homebrew, curl and certificates, but none seems related to this case. And Homebrew is able to install other packages when they aren't on gnome.org.

Is there a way in Homebrew to use wget instead of curl?

Is it possible to modify the Homebrew formula so it can get the package elsewhere?

Thanks for any clue.

  • wget didn't 'fail'; it got a 302 redirect, which is a normal and common HTTP response that tells the client to use a different URL. If curl were able to connect (no SSL error) it would not follow the redirect by default like wget, but if you specify `-L` or `--location` it will; I don't know whether brew would do that (which only matters if the SSL problem is solved anyway). – dave_thompson_085 Oct 11 '20 at 18:16

2 Answers

1

Thanks to this post:
How to manually download brew package for installation?

I was able to move the downloaded glib package from rpmfind to the correct location and name in Homebrew's cache structure.

`brew --cache glib` gives the correct Homebrew name of the cached glib package.

```
mv glib-2.66.1.tar.xz [homebrew name]
```

`brew install glib` is now OK since the missing package is located in the expected directory.

0

The standard curl provided either by Mac OS X or by brew doesn't handle modern TLS/SSL transactions with websites.

Following this post: How do I enable curl SSL on Mac OS X?

You have to remove curl and then re-install it with the openssl version:

```
brew rm curl
brew install curl-openssl
```