Receiving cURL error 132 during routine ddns operations

Running OpenWrt 22.03.0-rc6 r19590-042d558536

DDNS, whose configuration was working in previous releases, is now showing a cURL error 132 when attempting to update my WAN IP with my DNS provider (Cloudflare). All packages (including ca-certs, ca-bundle and curl) are current, along with the DNS providers list. All credentials with Cloudflare are confirmed working.

Looking for suggestions to troubleshoot or repair as I am at a loss on how to proceed short of a full rebuild with the latest stable release and fresh config (rather than restore from backup).

It appears that cURL error is a certificate issue: Curl - SSL_connect failed with error -132 - RSA key too large?

Did you configure the certificate parameter in the DDNS config?

[Screenshot: screen177]

Not like that - I have /etc/ssl/certs only. I will try that full path and report back. Thanks.

No luck - I have those pkgs installed, and the path is good. I have repeated the install on an identical router, with the most current release of openwrt. Still getting curl 132 error when ddns tries to update the IP address with cloudflare.
I have tried to force ddns to use wget-ssl instead of curl (Global Settings); however, the logs continue to show curl is used as evidenced by the 132 error. EDIT: I see that the cloudflare script requires curl so there is that.

100048 ERROR : cURL Error: '132'
 100048       : 
 100048  WARN : Transfer failed - retry 1/0 in 60 seconds
 100148       : #> /usr/bin/curl -RsS -o /var/run/ddns/myddns_ipv4.dat --stderr /var/run/ddns/myddns_ipv4.err --capath /etc/ssl/certs --noproxy '*' --header 'Authorization: Bearer ***PW***'  --header 'Content-Type: application/json'  --request GET 'https://api.cloudflare.com/client/v4/zones?name=**removed for privacy**
 100148 ERROR : cURL Error: '132'

I am open to additional suggestions and ideas.

If your curl --version output lists wolfssl, I'd try switching to the official release. curl was migrated to mbedtls at some point very close to release. If the same issue persists with mbedtls, I have no further suggestions.

I've also just merged a PR for curl 7.85 for the OpenWrt 22.03 repo, so if you migrate to the official release in a day or so, the new version should be built and maybe it will help.

Thanks for the suggestion. My original post was using a router with openwrt rc6. I also have built an identical router with OpenWrt 22.03.0 r19685-512e76967f. Curl error is persisting across both.
Here is the output from that command on the 22.03.0 r19685 router:

curl 7.83.1 (powerpc-openwrt-linux-gnu) libcurl/7.83.1 mbedTLS/2.28.1 nghttp2/1.44.0
Release-Date: 2022-05-11
Protocols: file ftp ftps http https mqtt
Features: alt-svc HSTS HTTP2 IPv6 Largefile SSL

I'd be curious to know if curl 7.85 helps.

PS. Have you tried building curl with openssl as the SSL library?

stangri - I appreciate the idea but I am not nearly that advanced with openwrt. If you can point me to a reference or guidance on how to do what you are suggesting, I can give it a shot. Thanks.

All - UPDATE: reconfigured ddns to use my uhttpd.crt file (2048 bit key) and still getting curl 132 error. I have tried using /etc/ssl/certs and /etc/ssl/certs/ca-certificates.crt and now uhttpd.crt and all have failed.

I'm not sure it'd help, but try updating curl to 7.85.0 from the official repo.

I have learned from another user in this forum that this is an issue that was working fine but broke in later releases. I am going to close this thread and continue to monitor and test ddns but not on my head-end router/firewall.
Unfortunately, updating curl did not work but I appreciate the suggestion!

I have the same problem with curl and ddns on 22.03.2.
But I found a workaround:
remove curl and install wget-ssl

Hi - I made that adjustment - and now the cloudflare ddns script/option is gone. So that suggestion won't work for my configuration.
Thanks.

Oh, I use a different provider (afraid.org-v2-token) and the ddns-scripts support it without any additional packages,
but I've just checked and ddns-scripts-cloudflare depends on curl:

Perhaps you can configure it manually with a custom option somehow.