mbedtls 3.6.0 breaks uclient-fetch #24484

Closed
Ra2-IFV opened this issue Jun 29, 2024 · 6 comments

Ra2-IFV commented Jun 29, 2024

root@OpenWrt:~# wget https://github.com/path/to/release
Downloading 'https://github.com/path/to/release'
Connecting to 20.27.177.113:443
Redirected to /github-production-release-asset-aabbcc/path/to/somewhere on objects.githubusercontent.com
SSL error: SSL - Bad input parameters to function
Connection error: Connection failed

Related to and referenced in #24365

wget (/bin/uclient-fetch) is broken too:

# wget https://raw.githubusercontent.com
Downloading 'https://raw.githubusercontent.com'
Connecting to 185.199.111.133:443
Redirected to / on github.com
SSL error: SSL - Bad input parameters to function
Connection error: Connection failed

While this works:

# wget https://github.com
Downloading 'https://github.com'
Connecting to 140.82.121.3:443
Writing to 'index.html'

Download completed (237596 bytes)

Originally posted by @krant in #24365 (comment)

@Neustradamus

@Ra2-IFV, @krant: Has it been fixed?
@McGiverGim has commented on the specified tickets.

Ra2-IFV commented Oct 25, 2024

All the issues causing the failures mentioned here have been fixed in Mbed TLS 3.6.1, so I'm closing this issue. Please give the new version a try and let us know if it works for you!

It's said it was fixed in mbedtls 3.6.1, shall we try it?

Ra2-IFV commented Oct 27, 2024

root@OpenWrt:~# curl --tlsv1.3 https://cloudflare.com/cdn-cgi/trace
fl=REDACTED
h=cloudflare.com
ip=REDACTED
ts=REDACTED
visit_scheme=https
uag=curl/8.10.1
colo=REDACTED
sliver=none
http=http/2
loc=REDACTED
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519
root@OpenWrt:~# curl -V
curl 8.10.1 (aarch64-openwrt-linux-gnu) libcurl/8.10.1 mbedTLS/3.6.2 nghttp2/1.62.1
Release-Date: 2024-09-18
Protocols: file ftp ftps http https ipfs ipns mqtt
Features: alt-svc HSTS HTTP2 HTTPS-proxy IPv6 Largefile SSL threadsafe UnixSockets
root@OpenWrt:~#

So I guess that's it? Should work for wget too

Ra2-IFV commented Oct 27, 2024

To be precise, the wget-ssl package does not use mbedtls, it relies on openssl. As @krant said it's actually a symlink to uclient-fetch, my bad

root@OpenWrt:~# which wget
/usr/bin/wget
root@OpenWrt:~# ls -lh /usr/bin/wget
lrwxrwxrwx    1 root     root          REDACTED /usr/bin/wget -> /bin/uclient-fetch
root@OpenWrt:~# wget -O - https://cloudflare.com/cdn-cgi/trace | cat
Downloading 'https://cloudflare.com/cdn-cgi/trace'
Connecting to REDACTED
Writing to stdout
fl=REDACTED
h=cloudflare.com
ip=REDACTED
ts=REDACTED
visit_scheme=https
uag=uclient-fetch
colo=REDACTED
sliver=none
http=http/1.1
loc=REDACTED
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519

Download completed (232 bytes)
root@OpenWrt:~#

Ra2-IFV changed the title from "mbedtls 3.6.0 breaks wget" to "mbedtls 3.6.0 breaks uclient-fetch" on Oct 27, 2024

Ra2-IFV commented Oct 27, 2024

closing as fixed in mbedtls 3.6.2

Ra2-IFV closed this as completed on Oct 27, 2024