由于业务需要,服务器上的curl 版本太老了,有漏洞,于是抽点时间升级最新版本,确保服务器间通信安全,然后网上看了些教程,发现各不相同,最后找到一个最简单,最方便的方法,分享给大家。
1.查看当前版本
Centos6.8 上默认的 curl 版本为7.19.7,目前最新的是7.53.1,这版本太老太老…,赶紧升级,服务器上输入curl --version
,显示当前版本:
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
2.升级curl
在这里使用 city-fan 的更新源来更新。
2.1. 更新 ca-bundle
-
首先备份一下:
cp /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt.bak
-
更新并替换:
curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt
2.2 新增 repo 源
-
新增 repo:
vim /etc/yum.repos.d/city-fan-for-curl.repo
-
Centos6 编辑为如下:
[CityFanforCurl]
name=City Fan Repo
baseurl=http://www.city-fan.org/ftp/contrib/yum-repo/rhel6/x86_64/
enabled=0
gpgcheck=0
- Centos7 编辑为如下:
[CityFanforCurl]
name=City Fan Repo
baseurl=http://www.city-fan.org/ftp/contrib/yum-repo/rhel7/x86_64/
enabled=0
gpgcheck=0
2.3 更新 curl
直接使用如下命令进行更新:yum update curl --enablerepo=CityFanforCurl -y
2.4 重启服务
更新完成后,建议重启一下。就可以正常使用了。
lnmp php-fpm restart
这时候再输入curl --version :
curl 7.53.1 (x86_64-redhat-linux-gnu) libcurl/7.53.1 OpenSSL/1.0.1e zlib/1.2.3 c-ares/1.12.0 libssh2/1.8.0 nghttp2/1.6.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy Metalink
3.问题
一台服务器按这个步骤操作下来没有问题,另一台碰到一个问题,报错,大概就是镜像源错误还有CA证书问题:
http://mirror.math.princeton.edu/pub/epel/6/x86_64/repodata/00b164f9525392a7a34d12e3367cc3bc53b9fd4ecd0614cd22ccacdb21eb1b2b-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
http://mirrors.mit.edu/epel/6/x86_64/repodata/00b164f9525392a7a34d12e3367cc3bc53b9fd4ecd0614cd22ccacdb21eb1b2b-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
http://mirror.metrocast.net/fedora/epel/6/x86_64/repodata/00b164f9525392a7a34d12e3367cc3bc53b9fd4ecd0614cd22ccacdb21eb1b2b-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
http://mirror.mrjester.net/fedora/epel/6/x86_64/repodata/00b164f9525392a7a34d12e3367cc3bc53b9fd4ecd0614cd22ccacdb21eb1b2b-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
http://fedora-epel.mirror.lstn.net/6/x86_64/repodata/00b164f9525392a7a34d12e3367cc3bc53b9fd4ecd0614cd22ccacdb21eb1b2b-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
https://dl.fedoraproject.org/pub/epel/6/x86_64/repodata/00b164f9525392a7a34d12e3367cc3bc53b9fd4ecd0614cd22ccacdb21eb1b2b-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
- 于是执行命令,然后从2.3继续执行。
cp /etc/pki/tls/certs/ca-bundle.crt.bak /etc/pki/tls/certs/ca-bundle.crt
一个比较巧的事情,昨天刚加的友链,今天搜索问题刚好碰到。