Hi,
I have been trying to enable SSL (for wget) in OpenWrt. As far as I understood OpenWrt comes with wget builtin, but without SSL support due to size constraints. I have followed several tutorials online, but don't seem to get support for SSL.
In the beginning when running opkg update
without --no-check-certificate
. I got the following warning:
wget: SSL support not available, please install one of the libustream-.*[ssl|tls]
packages as well as the ca-bundle and ca-certificates packages.
I have installed the following packets
opkg install librt
opkg install wget
opkg install ca-certificates
opkg install ca-bundle
opkg install libustream-openssl
This can be seen here:
root@OpenWrt:~# opkg files wget
Package uclient-fetch (2021-05-14-6a6011df-1) is installed on root and has the following files:
/bin/uclient-fetch
root@OpenWrt:~# opkg files librt
Package librt (1.1.24-3) is installed on root and has the following files:
root@OpenWrt:~# opkg files libustream-openssl
Package libustream-openssl20201210 (2020-12-10-68d09243-1) is installed on root and has the following files:
/lib/libustream-ssl.so
root@OpenWrt:~# opkg files ca-bundle
Package ca-bundle (20210119-1) is installed on root and has the following files:
/etc/ssl/certs/ca-certificates.crt
/etc/ssl/cert.pem
root@OpenWrt:~# opkg files ca-certificates
Package ca-certificates (20210119-1) is installed on root and has the following files:
/etc/ssl/certs/TeliaSonera_Root_CA_v1.crt
/etc/ssl/certs/18856ac4.0
/etc/ssl/certs/SecureTrust_CA.crt
/etc/ssl/certs/773e07ad.0
....... ..... ...... .....
According to Use SSL in OpenWRT OPKG, all i needed to do was to change each http:// to https:// in this file:
/etc/opkg/distfeeds.conf
https:// was already present here so I didn't do any changes. However, when I am running opkg update, i now dont get the original error of installing the necessary packets. But Wget error 5 still occurs (which means SSL verification failure.)
root@OpenWrt:~# opkg update
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/targets/bcm27xx/bcm2711/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0-rc1/targets/bcm27xx/bcm2711/packages/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/base/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/base/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/luci/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/luci/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/packages/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/routing/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/routing/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/telephony/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/telephony/Packages.gz
Collected errors:
* opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0-rc1/targets/bcm27xx/bcm2711/packages/Packages.gz, wget returned 5.
* opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/base/Packages.gz, wget returned 5.
* opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/luci/Packages.gz, wget returned 5.
* opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/packages/Packages.gz, wget returned 5.
* opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/routing/Packages.gz, wget returned 5.
* opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0-rc1/packages/aarch64_cortex-a72/telephony/Packages.gz, wget returned 5.
The same error can be seen here:
root@OpenWrt:~# wget https://www.google.com/
Downloading 'https://www.google.com/'
Connecting to 142.250.74.36:443
Connection error: Invalid SSL certificate
root@OpenWrt:~#
I am running OpenWrt version 21.02
Has anybody run into the same problem?