Phantomski
Regular Contributor
After update to amtm 3.2.0 on FW-384.18 (RT-AC88U), I can't update entware packages (armv7sf-k2.6).
Trying
returns the same error.
Trying
indicates a problem with the certificate:
Checking in the browser, the certificate is valid. Trying wget on a different machine, it works ok too.
If I edit /opt/etc/opkg.conf and replace https:// with http:// I can run at least opkg update and opkg upgrade, even though it's obviously not ideal. Also, amtm checks for https in the opkg.conf file anyway, so I can't use amtm for entware upgrades anymore (without editing the script).
I have also noticed that checking
Returns:
Which migh suggest it's a bit outdated and potentially struggling with more modern TLS.
Looking at the Merlin's changelog, openssl should have been 1.1.1g since FW 384.17
Any ideas why it's still the old version? Could it be related to amtm/opg/wget issues above? Can I update just openssl without breaking anything down the line? Or do I have to update whole FW?
Code:
Downloading https://bin.entware.net/armv7sf-k2.6/Packages.gz
*** Failed to download the package list from https://bin.entware.net/armv7sf-k2.6/Packages.gz
Collected errors:
* opkg_download: Failed to download https://bin.entware.net/armv7sf-k2.6/Packages.gz, wget returned 5.
Code:
opkg update
Trying
Code:
wget https://bin.entware.net/armv7sf-k2.6/Packages.gz
Code:
--2021-07-18 10:32:12-- https://bin.entware.net/armv7sf-k2.6/Packages.gz
Resolving bin.entware.net... 104.21.91.83, 172.67.212.134, 2606:4700:3032::ac43:d486, ...
Connecting to bin.entware.net|104.21.91.83|:443... connected.
ERROR: cannot verify bin.entware.net's certificate, issued by 'CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US':
Unable to locally verify the issuer's authority.
To connect to bin.entware.net insecurely, use `--no-check-certificate'.
Checking in the browser, the certificate is valid. Trying wget on a different machine, it works ok too.
If I edit /opt/etc/opkg.conf and replace https:// with http:// I can run at least opkg update and opkg upgrade, even though it's obviously not ideal. Also, amtm checks for https in the opkg.conf file anyway, so I can't use amtm for entware upgrades anymore (without editing the script).
I have also noticed that checking
Code:
openssl version
Code:
OpenSSL 1.0.2u 20 Dec 2019
Looking at the Merlin's changelog, openssl should have been 1.1.1g since FW 384.17
Any ideas why it's still the old version? Could it be related to amtm/opg/wget issues above? Can I update just openssl without breaking anything down the line? Or do I have to update whole FW?