SSL support in OpenWrt OPKG (wget)

MadeleineKongshavn · June 17, 2021, 3:22pm

Hi,
I have been trying to enable SSL (for wget) in OpenWrt. As far as I understood OpenWrt comes with wget builtin, but without SSL support due to size constraints. I have followed several tutorials online, but don't seem to get support for SSL.

In the beginning when running opkg update without --no-check-certificate. I got the following warning:

wget: SSL support not available, please install one of the libustream-.*[ssl|tls] 
packages as well as the ca-bundle and ca-certificates packages.

I have installed the following packets

opkg install librt
opkg install wget
opkg install ca-certificates
opkg install ca-bundle
opkg install libustream-openssl

This can be seen here:

root@OpenWrt:~# opkg files wget
Package uclient-fetch (2021-05-14-6a6011df-1) is installed on root and has the following files:
/bin/uclient-fetch

root@OpenWrt:~# opkg files librt
Package librt (1.1.24-3) is installed on root and has the following files:

root@OpenWrt:~# opkg files libustream-openssl
Package libustream-openssl20201210 (2020-12-10-68d09243-1) is installed on root and has the following files:
/lib/libustream-ssl.so

root@OpenWrt:~# opkg files ca-bundle
Package ca-bundle (20210119-1) is installed on root and has the following files:
/etc/ssl/certs/ca-certificates.crt
/etc/ssl/cert.pem

root@OpenWrt:~# opkg files ca-certificates
Package ca-certificates (20210119-1) is installed on root and has the following files:
/etc/ssl/certs/TeliaSonera_Root_CA_v1.crt
/etc/ssl/certs/18856ac4.0
/etc/ssl/certs/SecureTrust_CA.crt
/etc/ssl/certs/773e07ad.0
 ....... ..... ...... .....

According to Use SSL in OpenWRT OPKG, all i needed to do was to change each http:// to https:// in this file:

/etc/opkg/distfeeds.conf

https:// was already present here so I didn't do any changes. However, when I am running opkg update, i now dont get the original error of installing the necessary packets. But Wget error 5 still occurs (which means SSL verification failure.)

root@OpenWrt:~# opkg update
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/targets/bcm27xx/bcm2711/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0-rc1/targets/bcm27xx/bcm2711/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/base/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/base/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/luci/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/luci/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/routing/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/routing/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/telephony/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/telephony/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0-rc1/targets/bcm27xx/bcm2711/packages/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/base/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/luci/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/packages/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/routing/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/telephony/Packages.gz, wget returned 5.

The same error can be seen here:

root@OpenWrt:~# wget https://www.google.com/
Downloading 'https://www.google.com/'
Connecting to 142.250.74.36:443
Connection error: Invalid SSL certificate
root@OpenWrt:~#

I am running OpenWrt version 21.02

Has anybody run into the same problem?

anomeome · June 17, 2021, 3:42pm

root@mamba:/# opkg list | grep -i wget
wget-ssl - 1.21.1-1

MadeleineKongshavn · June 17, 2021, 4:00pm

I dont seem to have wget-ssl, although wget seems to be built with ssl support(?):

root@OpenWrt:~# opkg list | grep -i wget
uclient-fetch - 2021-05-14-6a6011df-1 - Tiny wget replacement using libuclient
wget-nossl - 1.21.1-1 - Wget is a network utility to retrieve files from the Web using http a nd ftp, the two most widely used Internet protocols. It works non-interactively, so it will w ork in the background, after having logged off. The program supports recursive retrieval of w eb-authoring pages as well as ftp sites -- you can use wget to make mirrors of archives and h ome pages or to travel the Web like a WWW robot. This package is built without SSL support.
wget-ssl - 1.21.1-1 - Wget is a network utility to retrieve files from the Web using http and ftp, the two most widely used Internet protocols. It works non-interactively, so it will wor k in the background, after having logged off. The program supports recursive retrieval of web -authoring pages as well as ftp sites -- you can use wget to make mirrors of archives and hom e pages or to travel the Web like a WWW robot. This package is built with SSL support.

root@OpenWrt:~# opkg install wget-ssl  --no-check-certificate
Installing wget-ssl (1.21.1-1) to root...
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/packages/wget-ssl_1.21.1-1_aarch64_cortex-a72.ipk
Installing libpcre (8.44-3) to root...
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/base/libpcre_8.44-3_aarch64_cortex-a72.ipk
Installing zlib (1.2.11-3) to root...
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/base/zlib_1.2.11-3_aarch64_cortex-a72.ipk
Configuring libpcre.
Configuring zlib.
Configuring wget-ssl.

I have the same as you now :):

root@OpenWrt:~# opkg list | grep -i wget
wget-ssl - 1.21.1-1
root@OpenWrt:~#

And it works!

root@OpenWrt:~# opkg update
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/targets/bcm27xx/bcm2711/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/targets/bcm27xx/bcm2711/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/base/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/luci/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/routing/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/telephony/Packages.sig
Signature check passed.

root@OpenWrt:~# wget https://google.com
--2021-06-13 22:04:52--  https://google.com/
Resolving google.com... 142.250.74.78, 2a00:1450:400f:802::200e
Connecting to google.com|142.250.74.78|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.google.com/ [following]
--2021-06-13 22:04:52--  https://www.google.com/
Resolving www.google.com... 142.250.74.36, 2a00:1450:400f:801::2004
Connecting to www.google.com|142.250.74.36|:443... connected.

Thank you so much!

system · June 27, 2021, 4:01pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.