Hi, I'm running lede-17.01.0-r3205-59508e3-mpc85xx-generic-tl-wdr4900-v1-squashfs-sysupgrade.bin.
I was just attempting to install a Letsencrypt certificate using acme.sh which depends on 'curl'. However during the request process curl is producing 'Illegal Instruction' in the log, and the request script fails.
Any suggestions ?
More on this, on my syslog server, I see:
Mar 29 13:44:35 <3.6> 10.0.20.4 c-fw : 00[LIB] curl SSL backend 'mbedTLS/2.4.2' not supported, https:// disabled
so somethings not right there, and also:
Mar 29 17:11:33 <1.6> 10.0.20.4 c-fw kernel: [2073277.579797] curl[14801]: unhandled signal 4 at b7d2b408 nip b7d2b408 lr b7d19af8 code 30001
The packages on my firewall:
curl - 7.52.1-3
libmbedtls - 2.4.2-1
Troubleshooting this is a bit outside my comfort zone, so any advice would be very welcome. Would it be an option to install the 'snapshot' versions of these packages to see if that fixes it ?
Either you installed the wrong version of curl (wrong architecture), or there is a bug in curl or any of the libraries used by curl.
Yes, I concur there seems to be a bug (arch is OK), the question is what do I do to fix it ? 
I upgraded curl from 7.52.1-3 to 7.53.1-1 from the 'snapshots' branch, but its still behaving the same..
Curl depends on libmbedtls, and I see there's an open bug report involving libembedtls on mpc85xx:
https://bugs.lede-project.org/index.php?do=details&task_id=588
I wonder if my crash bug is related to the same issue ?
I would add a comment to that bug report, explaining your issue.
Done.
If I suspect libembedtls is broken on mpc85xx, what could I do to test this further ? eg. determine what other packages use the same library, and run some tests to see if they also are failing ?
I want to use the device as a IKEv2 VPN server running Strongswan, so if this also will be broken the sooner I know the better..
Any advice appreciated..
I just re-flashed to OpenWRT 15.05.1, and the fault with curl is gone...
On OpenWRT they are still using PolarSSL library. So this sort of confirms my feeling libmbedtls is broken for MPC85xx on LEDE.
I would rather stay with LEDE, but I'm concerned other packages as well as curl may be depending on libmedtls, so I may have to bail out and go back to OpenWRT..
I would like to help try and fix libmbedtls for my platform, but I'm not a programmer..
You can also compile and use openssl for curl. (But there is no downloadab binary)
I am running only-openssl in my own build.
Libmbedtls is used e.g. by Luci SSL by default, but also there you can easily use openssl.
Thanks, but I have no build environment. My preferred Unix platform is FreeBSD. I had enough of Linux some time ago...
Is there any 'fast-path' to getting a LEDE build environment, maybe a ready-to-use distro I can install into a VM ?
Curl does not offer "variants" but the SSL selection is done with a config item, so you can't use the imagegenerator or other shortcuts. You need to compile the non-standard options by yourself.
I use Ubuntu in Virtualbox VM in Windows 10...
Just install Ubuntu 16.10 x64, install the prerequisites (gcc etc.) and fetch LEDE sources with git.
https://lede-project.org/docs/guide-developer/install-buildsystem
Or could you use wget instead of curl?
wget happily uses whatever libustreamssl variant you have installed. Default is libustream-mbedtls but I have libustream-openssl in my build.
EDIT: sorry, acme has a dependency for curl, so wget does not solve your goals.
Thanks, I'll see if I can get time to setup a LEDE build environment. I found this ticket which has quite a useful discussion:
Not quite that relevant for you, as pure openssl build with luci-ssl-openssl will not remove the mbedtls dependency from acme. acme will still require curl. You still need to compile curl by yourself (with libcurl config parameter as openssl).