CURL stopped working for https after latest wolfssl patch (21.02)

Thanks will do that

Somebody has already raised a related issue, and the devs have acknowledged it's broken with the latest 21.02 builds due to changes to wolfssl.

For those who come across this and have the same issue, please see the following links:



Yes for:

Model	Linksys MR8300 (Dallas)
Architecture	ARMv7 Processor rev 5 (v7l)
Target Platform	ipq40xx/generic
Firmware Version	OpenWrt 21.02.3 r16554-1d4dea6d4f / LuCI openwrt-21.02 branch git-22.245.77575-63bfee6
Kernel Version	5.4.188

The package has stopped working. Tried to downgrade wolfssl without success. Here are my package versions.

libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.5.1.99a5b54a - 5.5.1-stable-2
px5g-wolfssl - 4.1
wpad-basic-wolfssl - 2020-06-08-5a8b3662-41
libcurl4 - 7.83.1-2.1

You're Absolutely right ...

WARNING: Running as root without dropping privileges is NOT recommended.
[W] 1665824889.155379 main.c:236 HTTP/3 is not supported by current libcurl
[W] 1665825129.454036 https_client.c:351 66B8: curl request failed with 0: No error
[W] 1665825129.454089 https_client.c:353 66B8: curl error message: Error reading ca cert file p=�� - mbedTLS: (-0x3E00) PK - Read/write of file failed
[W] 1665825129.454127 https_client.c:380 66B8: No response (probably connection has been closed or timed out)

What OpenWRT are you using? If it's 21.02.x then you might need to manually downgrade the version of curl and libcurl4 (see this link:

Although the fix has already been committed for the 21.02 branch, somehow it wasn't included in some of the latest (as of this writing) archi releases for 21.02.x (e.g. mipsel_24kc, whereas updated packages for curl and libcurl4 were included for mips_24kc). See my post here and here.

Firmware Version	OpenWrt 22.03.1 r19777-2853b6d652 / LuCI openwrt-22.03 branch git-22.245.77528-487e58a

Hmmm.. you are already using 22.03 branch which should have working curl and libcurl but I'm not sure about the HTTP/3 support.

Can you check what package versions installed in your router for curl and libcurl?

$ opkg list-installed | grep curl
curl - 7.85.0-5.1
libcurl4 - 7.85.0-5.1
php8-mod-curl - 8.1.11-1

Have you tried updating/upgrading your curl and libcurl4? Checking some of the archi packages for 22.03.1 there should be a 7.85.0-6.1 version. I'm just not sure about your php8-mod-curl.

 opkg list-installed | grep curl
curl - 7.85.0-6.1
libcurl4 - 7.85.0-6.1
php8-mod-curl - 8.1.11-1

I've done that, but https-dns-proxy is still not working.

Any more commands to run to diagnose the issue?

Why is this marked as solution? I can't get curl working again after installing git in 21.02.

Downgrading won't work either....

$ wget -q
wget -q
wget -q
opkg install libwolfssl5.2.0.99a5b54a_5.2.0-stable-2_x86_64.ipk
opkg install libcurl4_7.83.1-2.1_x86_64.ipk
opkg install curl_7.83.1-2.1_x86_64.ipk
Installing libwolfssl5.2.0.99a5b54a (5.2.0-stable-2) to root...
Configuring libwolfssl5.2.0.99a5b54a.
Package libcurl4 (7.83.1-2.1) installed in root is up to date.
Package curl (7.83.1-2.1) installed in root is up to date.

$ opkg list-installed | grep curl
curl - 7.83.1-2.1
libcurl4 - 7.83.1-2.1

$ opkg list-installed | grep wolfssl
libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.2.0.99a5b54a - 5.2.0-stable-2
libwolfssl5.5.1.99a5b54a - 5.5.1-stable-2
px5g-wolfssl - 4.1

$ opkg remove libwolfssl5.5.1.99a5b54a
No packages removed.
Collected errors:
 * print_dependents_warning: Package libwolfssl5.5.1.99a5b54a is depended upon by packages:
 * print_dependents_warning: 	libustream-wolfssl20201210
 * print_dependents_warning: 	px5g-wolfssl
 * print_dependents_warning: 	libcurl4
 * print_dependents_warning: These might cease to work if package libwolfssl5.5.1.99a5b54a is removed.

 * print_dependents_warning: Force removal of this package with --force-depends.
 * print_dependents_warning: Force removal of this package and its dependents
 * print_dependents_warning: with --force-removal-of-dependent-packages.

$ curl -sSL
curl: (1) Protocol "https" not supported or disabled in libcurl

So is the only way to update to 22.03?

Sorry about that, but I think I accidentally clicked the button. Anyway...

You installed the 7.83.1-2.1 version which is the one broken because of the wolfssl security update. If you can't see a higher version in the releases for your archi, you need to downgrade to 7.83.1-1 versions for now.

curl - 7.83.1-1
libcurl4 - 7.83.1-1

To do this (excerpt from here:

Until it's fixed you could use the archive repo: e.g.
and download these packages which aren't affected:

curl - 7.83.1-1 (packages)
libcurl4 - 7.83.1-1 (packages)
libwolfssl5.2.0.99a5b54a - 5.2.0-stable-2 (base)

e.g. for 21.02 x86_64 - step by step: (with typo corrections)

wget -q
wget -q
wget -q
opkg install libwolfssl5.2.0.99a5b54a_5.2.0-stable-2_x86_64.ipk
opkg install libcurl4_7.83.1-1_x86_64.ipk
opkg install curl_7.83.1-1_x86_64.ipk

^^^ NOTE: I corrected the above as the instructions in the comment on GitHub are incorrect.
You might need to also do --force-reinstall if it won't downgrade the package.


You might need to raise an issue here: as I'm not sure about your problem. If you do a custom build, this might help:

Are you using a CA file? If not, it may be related to an issue upstream, I'm going to update the package within a few days.

How to check that? If you need any info, you can share commands with me. I am more than happy to run them for you. I am a noob in Linux and OpenWrt, started using OpenWrt just for high pings in game. SQM solved the issue and I was blown away.

I am running this build on my pi4 router.

I've sent PRs for main and 22.03 branches with the fix for the garbage in the ca cert file name, given the logs you have provided it should solve the problem: I'll leave them for others to review/provide feedback for a day or so before merging.

The repo owner for your custom image can also manually build the new package from the updated sources.

1 Like
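
The package checks this thread works through by hand, as an added example that is not part of the original posts: the script reads saved `opkg list-installed` and `curl -V` output and flags the states reported above. The function names and the sample input are assumptions, constructed from the output posted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Both functions read saved command
# output on stdin, so they work on the router or on pasted output elsewhere.

# Input: `opkg list-installed` lines ("name - version").
# Prints one finding per line; returns 1 if anything was flagged, else 0.
check_curl_tls() {
    awk '
        $1 == "curl" || $1 == "libcurl4" { ver[$1] = $3 }
        $1 ~ /^libwolfssl[0-9]/          { wolf = wolf " " $1; n++ }
        END {
            bad = 0
            if (ver["curl"] != ver["libcurl4"]) {
                print "MISMATCH curl=" ver["curl"] " libcurl4=" ver["libcurl4"]
                bad = 1
            }
            # 7.83.1-2.1 is the build the thread reports as broken on 21.02.
            if (ver["libcurl4"] == "7.83.1-2.1") {
                print "BROKEN libcurl4 7.83.1-2.1"
                bad = 1
            }
            # Two wolfSSL ABI packages installed side by side: installing the
            # older one does not change which one libcurl4 depends on.
            if (n > 1) {
                print "MULTIPLE-WOLFSSL" wolf
                bad = 1
            }
            exit bad
        }'
}

# Input: `curl -V` output. Returns 0 only if https is in the Protocols line.
curl_has_https() {
    awk '$1 == "Protocols:" { for (i = 2; i <= NF; i++) if ($i == "https") ok = 1 }
         END { exit !ok }'
}

# Constructed sample: the package state posted after the failed downgrade.
SAMPLE_BROKEN='curl - 7.83.1-2.1
libcurl4 - 7.83.1-2.1
libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.2.0.99a5b54a - 5.2.0-stable-2
libwolfssl5.5.1.99a5b54a - 5.5.1-stable-2
px5g-wolfssl - 4.1'

printf '%s\n' "$SAMPLE_BROKEN" | check_curl_tls || echo "package set needs attention"
```

On the router itself the live equivalents are `opkg list-installed | check_curl_tls` and `curl -V | curl_has_https`.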
