CURL stopped working for https after latest woflssl patch (21.02)

Yes, my bad, mbedTLS support for hostapd is indeed in the works.

Well don’t do that. Unless you want to live on the edge of life. Install a new image instead.

It has been a lot of treads lately in the forum with the same question “I upgraded and now It doesn’t work”, read those if you want background info.

1 Like

I think upgrade is the only way to get the newer, unaffected wolfssl packages, I tried a 22.03.0 image today and it still contained the affected, older packages.

There's still the 22.03 snapshot images while you wait for the 21.02 and 22.03 point releases.

1 Like

the official recommendation in this case is different: https://openwrt.org/advisory/2022-10-04-1

in general you are better with image upgrade though, you are right.

FWIW I run a script in cron / manually that includes dependencies on curl . The script completes as desired yet I did not expect it to after reading the OP's post. Perhaps something else is afoot?

After preforming the upgrade mentioned via our forum: This is my output (included curl for comparisons)

/$  opkg list-installed | grep wolfssl
libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.5.1.ee39414e - 5.5.1-stable-3
px5g-wolfssl - 5.1
wpad-basic-wolfssl - 2022-01-16-cff80b4f-13.1
/$  opkg list-installed | grep curl
curl - 7.83.1-3
libcurl4 - 7.83.1-3

On 22.03.0
My script worked after upgrading the packages. @AcidSlide

1 Like

The unaffected wolfssl packages are now in 22.03.0 stable.

1 Like

I used attendedsysupgrade (auc) on my routers. That seems to have installed a complete set of compatible packages.

Just to clarify, your scripts stopped working after upgrading the wolfssl packages?

How about 21.02.03?

Can you also run the following just to see what packages are installed and paste the results here?

/$  opkg list-installed | grep wolfssl
/$  opkg list-installed | grep curl
libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.5.1.ee39414e - 5.5.1-stable-3
px5g-wolfssl - 5.1

This is the same as Bill had.
Turns out I didn't have anything running curl, so I installed it:

~# opkg install curl
Installing curl (7.85.0-5.1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/x86_64/packages/curl_7.85.0-5.1_x86_64.ipk
Installing libmbedtls12 (2.28.1-1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/x86_64/base/libmbedtls12_2.28.1-1_x86_64.ipk
Installing libnghttp2-14 (1.44.0-1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/x86_64/packages/libnghttp2-14_1.44.0-1_x86_64.ipk
Installing libcurl4 (7.85.0-5.1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/x86_64/packages/libcurl4_7.85.0-5.1_x86_64.ipk
Configuring libmbedtls12.
Configuring libnghttp2-14.
Configuring libcurl4.
Configuring curl.
~# opkg list-installed | grep curl
curl - 7.85.0-5.1
libcurl4 - 7.85.0-5.1

curl appears to use mbedtls so I don't know if your curl issue has anything to do with wolfssl. curl does work on https://www.google.com on this install. This is 22.03.0 on x86-64.

This is what I got (i'm in 21.02.3)

# opkg list-installed | grep curl
curl - 7.83.1-2.1
libcurl4 - 7.83.1-2.1

seems we don't have the same version of CURL

The wolfssl packages are there,

libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.5.1.99a5b54a - 5.5.1-stable-2

but px5g-wolfssl is still at 4.1 (its at 5.1 in 22.03.0).

I think that px5g only runs once on the first start to create a self-signed certificate for LuCI. So if you already have that certificate installed you wouldn't notice breakage of px5g.

1 Like

Checked packages for 22.03 and it seems it's using the latest curl 7.85.x is available and works properly.

It's the available latest version for 21.02 still using version curl 7.83.x is the one having issues

yes it seems 22.03 uses the more recent curl version which is not affected

@ynezz
This thread and the narrowing down of curl should be noted as causing issues on 21.02 after upgrading.

Did this using new image (sysupgrade).. but same issue with CURL.. so it's the CURL package that stopped working for HTTPS after updating WoflSSL.. that's the only thing UPGRADED before it stopped working.

Here's where you can report this, or find/search for package related bugs.
Create a Git account and post your tech details.