New image confirms that wolfSSL is the issue. Took the image that failed w/wolfSSL, rebuilt just by changing the SSL library for curl from wolf to open.
This is 21.02.0:
$ssh root@wrt
BusyBox v1.33.1 (2021-08-31 22:20:08 UTC) built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 21.02.0, r16279-5cc0535800
-----------------------------------------------------
OpenSSL installed:
root@WRT:~# opkg list-installed | grep -E 'ssl|ca-'
ca-bundle - 20210119-1
libopenssl1.1 - 1.1.1l-1
libustream-wolfssl20201210 - 2020-12-10-68d09243-1
libwolfssl4.8.1.39c36f2f - 4.8.1-stable-1
luci-ssl - git-20.244.36115-e10f954
px5g-wolfssl - 3
wpad-basic-openssl - 2020-06-08-5a8b3662-35
curl & libs linked to OpenSSL:
root@WRT:~# ldd /usr/bin/curl
/lib/ld-musl-mips-sf.so.1 (0x77de0000)
libcurl.so.4 => /usr/lib/libcurl.so.4 (0x77d8a000)
libnghttp2.so.14 => /usr/lib/libnghttp2.so.14 (0x77d5c000)
libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x77cdc000)
libcrypto.so.1.1 => /usr/lib/libcrypto.so.1.1 (0x77b02000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77ade000)
libc.so => /lib/ld-musl-mips-sf.so.1 (0x77de0000)
root@WRT:~# ldd /usr/lib/libcurl*
ldd (0x77e2e000)
libnghttp2.so.14 => /usr/lib/libnghttp2.so.14 (0x77daa000)
libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x77d2a000)
libcrypto.so.1.1 => /usr/lib/libcrypto.so.1.1 (0x77b50000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77b2c000)
libc.so => ldd (0x77e2e000)
It works:
root@WRT:~# curl -o /tmp/whatever https://shop.bbc.com
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 448k 0 448k 0 0 634k 0 --:--:-- --:--:-- --:--:-- 767k