Compile cURL with Arm Mbed TLS
This tutorial shows you how to compile the popular cURL library with Mbed TLS as the cryptography library. This step-by-step tutorial uses Ubuntu as the operating system. This tutorial does everything from a shell. We tested this example with versions mbedtls-2.12.0 and curl-7.61.0
Download Mbed TLS
The Mbed TLS library is not included in the cURL source package, so you need to download and install Mbed TLS first. You can use the latest version by altering the version number in the URL below. Enter these statements to download and unpack the Mbed TLS source code to your /home/Downloads
folder:
cd ~/Downloads
wget https://tls.mbed.org/code/releases/mbedtls-2.12.0-gpl.tgz
tar -zxf mbedtls-2.12.0-gpl.tgz
cd mbedtls-2.12.0
Compile and install Mbed TLS
Now compile the source code by entering:
make CFLAGS=-fPIC
Optionally, you can check that Mbed TLS works correctly by entering:
make check
To install the library, enter:
sudo make install
Note that you need administrator privileges to execute this command. The Mbed TLS library is now installed in /usr/local/lib
.
Download cURL
To download and unpack the cURL source code, enter these statements (You can use the latest version by altering the version number in the URL):
cd ~/Downloads
wget http://curl.haxx.se/download/curl-7.61.0.tar.gz
tar -zxf curl-7.61.0.tar.gz
cd curl-7.61.0
Compile and install cURL
To compile cURL with Mbed TLS, you need to configure the build system. Normally you would use the configure script without any options, but in this case some options are needed. Enter:
./configure --without-ssl --with-mbedtls
The without-ssl
and with-mbedtls
parameters instruct the build system to use Mbed TLS instead of the default SSL library. When the configure script finishes, it states something like this:
Compile and install cURL
To compile and install cURL, enter:
make
sudo make install
You need administrator privileges to execute the second command. The cURL program is now installed in /usr/local/bin
.
Test cURL
To test the installation, you can enter:
curl -V
This confirms that cURL is using Mbed TLS. To test the SSL capabilities of cURL, you can retrieve an HTML header with an HTTPS request:
curl -I https://www.google.com/
The result is something like this:
Test cURL
Note: If you see the libcurl.so.4: cannot open shared object file: No such file or directory
error, you need to type ldconfig
first.
Note: You may need to add the path to libcurl.so
( /usr/local/lib
) to your LD_LIBRARY_PATH
.
Cygwin
Some additional information for Cygwin users.
First, uninstall the standard cURL package from your Cygwin installation if it is installed. You can use the command
cygcheck -c
to print your installed packages.Before you can
wget
the Mbed TLS code, you need a bundle of X.509 certificates inside your Cygwin environment.pushd /usr/ssl/certs curl http://curl.haxx.se/ca/cacert.pem | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > "cert" n ".pem"}' c_rehash
Create an extra symlink for wget
ln -sT /usr/ssl /etc/ssl
Configure the cURL build system with the following options:
./configure --without-ssl --with-mbedtls=/usr/local --with-ca-bundle=/etc/ssl/certs/ca-bundle.crt
The option with-mbedtls
points to your Mbed TLS location and with-ca-bundle
is the location of your certificates bundle you extracted before.