CURL stopped working for https after latest woflssl patch (21.02)

Can you also run the following just to see what packages are installed and paste the results here?

/$  opkg list-installed | grep wolfssl
/$  opkg list-installed | grep curl
libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.5.1.ee39414e - 5.5.1-stable-3
px5g-wolfssl - 5.1

This is the same as Bill had.
Turns out I didn't have anything running curl, so I installed it:

~# opkg install curl
Installing curl (7.85.0-5.1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/x86_64/packages/curl_7.85.0-5.1_x86_64.ipk
Installing libmbedtls12 (2.28.1-1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/x86_64/base/libmbedtls12_2.28.1-1_x86_64.ipk
Installing libnghttp2-14 (1.44.0-1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/x86_64/packages/libnghttp2-14_1.44.0-1_x86_64.ipk
Installing libcurl4 (7.85.0-5.1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/x86_64/packages/libcurl4_7.85.0-5.1_x86_64.ipk
Configuring libmbedtls12.
Configuring libnghttp2-14.
Configuring libcurl4.
Configuring curl.
~# opkg list-installed | grep curl
curl - 7.85.0-5.1
libcurl4 - 7.85.0-5.1

curl appears to use mbedtls so I don't know if your curl issue has anything to do with wolfssl. curl does work on https://www.google.com on this install. This is 22.03.0 on x86-64.

This is what I got (i'm in 21.02.3)

# opkg list-installed | grep curl
curl - 7.83.1-2.1
libcurl4 - 7.83.1-2.1

seems we don't have the same version of CURL

The wolfssl packages are there,

libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.5.1.99a5b54a - 5.5.1-stable-2

but px5g-wolfssl is still at 4.1 (its at 5.1 in 22.03.0).

I think that px5g only runs once on the first start to create a self-signed certificate for LuCI. So if you already have that certificate installed you wouldn't notice breakage of px5g.

1 Like

Checked packages for 22.03 and it seems it's using the latest curl 7.85.x is available and works properly.

It's the available latest version for 21.02 still using version curl 7.83.x is the one having issues

yes it seems 22.03 uses the more recent curl version which is not affected

@ynezz
This thread and the narrowing down of curl should be noted as causing issues on 21.02 after upgrading.

Did this using new image (sysupgrade).. but same issue with CURL.. so it's the CURL package that stopped working for HTTPS after updating WoflSSL.. that's the only thing UPGRADED before it stopped working.

Here's where you can report this, or find/search for package related bugs.
Create a Git account and post your tech details.

Thanks will do that

@Bill
somebody has already raised already related issue.. and devs have acknowledge it's broken with the latest 21.02 builds due to changes to wolfssl

For those who came across this and having the same issue.. please see the following links:

2 Likes

Hello!

Yes for:

Model	Linksys MR8300 (Dallas)
Architecture	ARMv7 Processor rev 5 (v7l)
Target Platform	ipq40xx/generic
Firmware Version	OpenWrt 21.02.3 r16554-1d4dea6d4f / LuCI openwrt-21.02 branch git-22.245.77575-63bfee6
Kernel Version	5.4.188

The package has stopped working. Tried to downgrade wolf ssl without success. Here my version about packages.

libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.5.1.99a5b54a - 5.5.1-stable-2
px5g-wolfssl - 4.1
wpad-basic-wolfssl - 2020-06-08-5a8b3662-41
libcurl4 - 7.83.1-2.1

You're Absolutely right ...

----------------------------
WARNING: Running as root without dropping privileges is NOT recommended.
----------------------------
[W] 1665824889.155379 main.c:236 HTTP/3 is not supported by current libcurl
[W] 1665825129.454036 https_client.c:351 66B8: curl request failed with 0: No error
[W] 1665825129.454089 https_client.c:353 66B8: curl error message: Error reading ca cert file p=�� - mbedTLS: (-0x3E00) PK - Read/write of file failed
[W] 1665825129.454127 https_client.c:380 66B8: No response (probably connection has been closed or timed out)

What OpenWRT are you using? If it's 21.02.x then you might need to manually downgrade the version of curl and libcurl4 (see this link: https://github.com/openwrt/packages/issues/19547#issuecomment-1271809668).

Although the fix has been committed already for 21.02 branch, somehow it wasn't included on some of the latest (as of this writing) archi release (ex: mipsel_24kc but is updated packages for curl and libcurl4 was included for mips_24kc) for 21.02.x. See my post here and here.

Firmware Version	OpenWrt 22.03.1 r19777-2853b6d652 / LuCI openwrt-22.03 branch git-22.245.77528-487e58a

Hmmm.. you are already using 22.03 branch which should have working curl and libcurl but I'm not sure about the HTTP/3 support.

Can you check what package versions installed in your router for curl and libcurl?

$ pkg list-installed | grep curl