CURL stopped working for https after latest woflssl patch (21.02)

curl - 7.85.0-5.1
libcurl4 - 7.85.0-5.1
php8-mod-curl - 8.1.11-1

Have you tried updating/upgrading your curl and libcurl4? Checking some of the archi packages for 22.03.1 there should be a 7.85.0-6.1 version. I'm just not sure about your php8-mod-curl.

 opkg list-installed | grep curl
curl - 7.85.0-6.1
libcurl4 - 7.85.0-6.1
php8-mod-curl - 8.1.11-1

I done that but still https-dns-proxy is not working.

anymore commands to run to diagnose the issue?

Why is this marked as solution? I can't get curl working again after installing git in 21.02.

Downgrading won't work either....

$ wget -q
wget -q
wget -q
opkg install libwolfssl5.2.0.99a5b54a_5.2.0-stable-2_x86_64.ipk
opkg install libcurl4_7.83.1-2.1_x86_64.ipk
opkg install curl_7.83.1-2.1_x86_64.ipk
Installing libwolfssl5.2.0.99a5b54a (5.2.0-stable-2) to root...
Configuring libwolfssl5.2.0.99a5b54a.
Package libcurl4 (7.83.1-2.1) installed in root is up to date.
Package curl (7.83.1-2.1) installed in root is up to date.

$ opkg list-installed | grep curl
curl - 7.83.1-2.1
libcurl4 - 7.83.1-2.1

$ opkg list-installed | grep wolfssl
libustream-wolfssl20201210 - 2022-01-16-868fd881-2
libwolfssl5.2.0.99a5b54a - 5.2.0-stable-2
libwolfssl5.5.1.99a5b54a - 5.5.1-stable-2
px5g-wolfssl - 4.1

$ opkg remove libwolfssl5.5.1.99a5b54a
No packages removed.
Collected errors:
 * print_dependents_warning: Package libwolfssl5.5.1.99a5b54a is depended upon by packages:
 * print_dependents_warning: 	libustream-wolfssl20201210
 * print_dependents_warning: 	px5g-wolfssl
 * print_dependents_warning: 	libcurl4
 * print_dependents_warning: These might cease to work if package libwolfssl5.5.1.99a5b54a is removed.

 * print_dependents_warning: Force removal of this package with --force-depends.
 * print_dependents_warning: Force removal of this package and its dependents
 * print_dependents_warning: with --force-removal-of-dependent-packages.

$ curl -sSL
curl: (1) Protocol "https" not supported or disabled in libcurl

So is the only way to update to 22.03?

Sorry about that, but I think I accidentally clicked the button. Anyway...

You installed the 7.83.1-2.1 version which is the one broken because of the wolfssl security update. If you can't see a higher version in the releases for your archi, you need to downgrade to 7.83.1-1 versions for now.

curl - 7.83.1-1
libcurl4 - 7.83.1-1

To do this (excerpt from here:

Until it's fixed you could use the archive repo: e.g.
and download these packages which aren't affected:

curl - 7.83.1-1 (packages)
libcurl4 - 7.83.1-1 (packages)
libwolfssl5.2.0.99a5b54a - 5.2.0-stable-2 (base)

e.g. for 21.02 x86_64 - step by step: (with typo corrections)

wget -q
wget -q
wget -q
opkg install libwolfssl5.2.0.99a5b54a_5.2.0-stable-2_x86_64.ipk
opkg install libcurl4_7.83.1-1_x86_64.ipk
opkg install curl_7.83.1-1_x86_64.ipk

^^^ NOTE: I corrected the above as the instructions in the comment in github is incorrect.
You might need to also do --force-reinstall if it won't downgrade the package.


You might need to raise an issue here: as i'm not sure about your problem. If you do custom build, this might help:

Are you using a CA file? If not, it may be related to an issue upstream, I'm going to update the package within a few days.

How to check that? If you need any info, you can share commands with me. I am more than happy to run them for you. I am noob in linux and openwrt, started using openwrt just for high pings in game. SQM solved the issue and I was blown away.

I am running this build on my pi4 router.

I've sent PRs for main and 22.03 branches with the fix for the garbage in the ca cert file name, given the logs you have provided it should solve the problem: I'll leave them for others to review/provide feedback for a day or so before merging.

The repo owner for your custom image can also manually build the new package from the updated sources.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.