
Curl and http/2 on Mac - okket
https://daniel.haxx.se/blog/2016/08/01/curl-and-h2-on-mac/
======
JWIU
Chrome disabled H2 over NPN a bit over a month ago, which led to many sites
going back to H1.1 because most Linux distributions don't have an ALPN OpenSSL
pkg (nginx is very easily static compiled with the latest OpenSSL src btw, no
config needed). Secure transport doesn't seem to have ever supported either.
It seems Apple has really been slacking in the past few years IMO. I'm sure
they'll get around to ALPN eventually.

~~~
JWIU
And I don't think I'm quite some ignorant hater[0], but they have been
annoying lately, especially with iOS Safari.

[0] [https://i.imgur.com/cg4DBUT.jpg](https://i.imgur.com/cg4DBUT.jpg)

Edit: Apple is excellent with their hardware. That iPhone 4 was still charging
with the plug like that..

------
laggyluke
For those who came here looking for the actual brew commands:

    brew install curl --with-nghttp2 --with-openssl
    brew link curl --force


You can also use --with-libressl instead of --with-openssl if you prefer
LibreSSL.

~~~
omginternets
Why might I prefer LibreSSL?

~~~
spikengineer
It's less bloated

~~~
falcolas
How does bloat affect the end user?

I'd focus instead on how several more recent vulnerabilities with OpenSSL have
not affected LibreSSL, and the code quality being improved with LibreSSL,
hopefully resulting in fewer vulnerabilities in the future.

------
matt_wulfeck
Tools like curl being available is one of the reasons I fell in love with
development on Mac. I hope Apple takes note and ships curl (and other
coreutils for that matter) in a way that continues to be developer friendly.

~~~
dalbin
On macOS since 10.11, there is `nscurl`, which is a curl-like on NSURLSession
where HTTP/2 is available.

~~~
sjmulder
Interesting. It doesn't have a man page, the help output gives no background
info and there's very little information online. I'm curious to find out more
about this tool.

~~~
emmelaich

    nscurl -h


gives some useful info

------
sjtgraham
Another thing Secure Transport can't do is create a SecIdentityRef from an
arbitrary cert and key pair, e.g. supplied as cURL command line arguments.
This means you can't use client SSL certs with cURL on macOS or iOS unless you
add the private key to the keychain, which you might not want to do. Or you
can convert your X.509 cert and private key to a PKCS#12 archive because there
is a public API for importing that ¯\\_(ツ)_/¯. You'll need OpenSSL to do the
conversion though, because there isn't an Apple API for it, d'oh!

The decision to drop OpenSSL for Secure Transport IMO was not the best given
it's lacking (public) API.

------
colemickens
curl on mac can't handle certain client certs, it requires them in PKCS12
(pfx) because of SecureTransport. A bit of a hassle at times.
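
The PEM-to-PKCS#12 conversion that the two comments above refer to, as an added example that is not part of the original thread or of curl's own documentation. The file names, certificate subject, alias and passphrase are constructed, and the self-signed identity only stands in for an existing client cert and key.

```shell
#!/bin/sh
# Added example. File names, subject, alias and passphrase are all constructed.
umask 077   # key material and the archive are created owner-only

# Stand-in for an existing client cert/key pair: throwaway self-signed identity.
make_demo_identity() {   # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=demo-client.example" \
        -keyout "$1/client.key" -out "$1/client.crt" 2>/dev/null
}

# Bundle PEM cert + key into a PKCS#12 archive. The passphrase is read from a
# file so it never shows up in the process list or shell history.
pem_to_p12() {           # $1 = cert, $2 = key, $3 = output .p12, $4 = passphrase file
    openssl pkcs12 -export -in "$1" -inkey "$2" -name "demo-client" \
        -out "$3" -passout "file:$4"
}

# Check that the archive opens with the passphrase and holds the expected cert.
p12_matches_cert() {     # $1 = .p12, $2 = passphrase file, $3 = original cert
    got=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts 2>/dev/null |
          openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 1
    want=$(openssl x509 -in "$3" -noout -fingerprint -sha256) || return 1
    [ -n "$got" ] && [ "$got" = "$want" ]
}

run_demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-demo-passphrase' > "$dir/pass"
    make_demo_identity "$dir" &&
    pem_to_p12 "$dir/client.crt" "$dir/client.key" "$dir/client.p12" "$dir/pass" &&
    p12_matches_cert "$dir/client.p12" "$dir/pass" "$dir/client.crt"
    status=$?
    rm -rf "$dir"        # remove the throwaway key and passphrase
    return $status
}

if run_demo; then echo "PKCS#12 archive verified"; else echo "conversion failed" >&2; fi
```

A curl built against Secure Transport accepts the path to the resulting archive with `--cert`. Archives written by OpenSSL 3.x use newer default algorithms, so if an older macOS import rejects the file, OpenSSL 3's `-legacy` option to `pkcs12 -export` writes the older format.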

------
thinxer
tl;dr Apple shipped curl without HTTP/2 support on their macOS, and the author
of curl can do nothing about it.

