SSL Error while updating to OS5 failed: error:1408F119:SSL

Seb · January 3, 2022, 4:39pm

Hello

I’m actually experiencing an issue with my Omnia ( CZ11NIC13) when trying to migrate to TurrisOs5

When i let Foris manage the upgrade, the omnia become inaccessible either by web interface or by SSH. I decided to try to update it by ssh and i systematicaly get an error (failed: error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac)

I already tried :

factory reset then update
medkit last flash then update

No matter what i try, the same error (but not always on the same file, often migrate3x.lua, sometimes coreutils_8.30-2_arm_cortex-a9_vfpv3-d16.ipk)

Here’s the full process of pkgupdate on my turris :

root@turris:~# pkgupdate
cat: can’t open ‘/usr/share/server-uplink/registration_code’: No such file or directory
WARN:Contract wasn’t verified
WARN:Requested package foris-storage-plugin-l10n-de that is missing, ignoring as requested.
WARN:Requested package luci-i18n-ddns-en that is missing, ignoring as requested.
INFO:Queue install of tos3to4/turris/1.0.3-1
Press return to continue, CTRL+C to abort

INFO:Executing preupdate hook: 05_schnapps.sh
Snapshot number 3 created
INFO:Unpacking download packages
INFO:Checking for file collisions between packages
INFO:Running pre-install scripts and merging packages to root file system
INFO:Running post-install and post-rm scripts
INFO:Running postinst of tos3to4
INFO:Removing packages and leftover files
INFO:Cleaning up control files
cat: can’t open ‘/usr/share/server-uplink/registration_code’: No such file or directory
WARN:Contract wasn’t verified
WARN:Package wpad is in cyclic dependency. It might fail its post-install script.
WARN:Package hostapd is in cyclic dependency. It might fail its post-install script.
WARN:Requested package foris-storage-plugin-l10n-de that is missing, ignoring as requested.
WARN:Requested package luci-i18n-ddns-en that is missing, ignoring as requested.
INFO:Queue install of libgcc/turris/7.5.0-2
INFO:Queue install of libc/turris/1.1.24-2
INFO:Queue install of tos3to4-earliest/turris/2.4.1-1
INFO:Queue install of libjson-c/turris/0.12.1-3.1
INFO:Queue install of libubox/turris/2020-05-25-66195aee-1
INFO:Queue install of jsonfilter/turris/2018-02-04-c7e938d6-1
INFO:Queue install of busybox/turris/1.30.1-8
INFO:Queue install of ca-certificates/turris/20200601-1
INFO:Queue install of libopenssl/turris/1.1.1l-1
INFO:Queue install of libexpat/turris/2.2.9-1
INFO:Queue install of libbz2/turris/1.0.8-1
INFO:Queue install of libpthread/turris/1.1.24-2
INFO:Queue install of liblzma/turris/5.2.5-1
INFO:Queue install of zlib/turris/1.2.11-3
INFO:Queue install of libarchive/turris/3.4.2-1
INFO:Queue install of liburiparser/turris/0.9.5-1
INFO:Queue install of ca-bundle/turris/20200601-1
INFO:Queue install of libcurl/turris/7.66.0-3
INFO:Queue install of libevent2/turris/2.1.11-1
INFO:Queue install of liblua/turris/5.1.5-3
INFO:Queue install of libuci/turris/2019-09-01-415f9e48-4
INFO:Queue install of libuci-lua/turris/2019-09-01-415f9e48-4
INFO:Queue install of updater-ng/turris/69.1.3-2
Press return to continue, CTRL+C to abort

INFO:Unpacking download packages
INFO:Checking for file collisions between packages
INFO:Running pre-install scripts and merging packages to root file system
WARN:Config file /etc/config/updater modified by the user. Backing up the new one into /etc/config/updater-opkg
INFO:Running post-install and post-rm scripts
INFO:Running postinst of libgcc
INFO:Running postinst of libc
INFO:Running postinst of tos3to4-earliest
INFO:Running postinst of libjson-c
INFO:Running postinst of libubox
INFO:Running postinst of jsonfilter
INFO:Running postinst of busybox
Error relocating /bin/ubus: uloop_run: symbol not found
/etc/rc.common: line 32: uci_load_validate: not found
/etc/rc.common: line 32: uci_load_validate: not found
Error relocating /bin/ubus: uloop_run: symbol not found
Output from busybox.postinst:
Error relocating /bin/ubus: uloop_run: symbol not found
/etc/rc.common: line 32: uci_load_validate: not found
/etc/rc.common: line 32: uci_load_validate: not found
Error relocating /bin/ubus: uloop_run: symbol not found
INFO:Running postinst of ca-certificates
INFO:Running postinst of libopenssl
INFO:Running postinst of libexpat
INFO:Running postinst of libbz2
INFO:Running postinst of libpthread
INFO:Running postinst of liblzma
INFO:Running postinst of zlib
INFO:Running postinst of libarchive
INFO:Running postinst of liburiparser
INFO:Running postinst of ca-bundle
INFO:Running postinst of libcurl
INFO:Running postinst of libevent2
INFO:Running postinst of liblua
INFO:Running postinst of libuci
INFO:Running postinst of libuci-lua
INFO:Running postinst of updater-ng
INFO:Removing packages and leftover files
INFO:Cleaning up control files
line not found
line not found
line not found
ERROR:
runtime: [string “requests”]:430: [string “utils”]:420: Getting URI (https://repo.turris.cz/hbs/omnia/lists/migrate3x.lua) failed: error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac
INFO:Executing postupdate hook: 05_schnapps.sh
Snapshot number 4 created
INFO:Executing postupdate hook: 99_approvals_cleanup
INFO:Executing postupdate hook: cleanup_rc_d.sh
Removing enable for non-existent service: S85updater

Thanks

JardaB · January 4, 2022, 7:16am

I announce in advance that I am only an little informed “layman” !

It seems to me that you are migrating from TOS 3 to TOS 4. Your machine got stuck in SW prehistory :-). You want to skip one version to TOS5. I think the easiest way for you is to clean install TOS 5. Or schnapps rollback.

Seb · January 4, 2022, 12:14pm

Thanks

Actually i want to go to TOs 5 but the pkgupdate go first to TOs 4 then TOs 5. I’d love to flash directly a TOs 5 as i’m redoing my whole configuration so no need to keep my old settings

But sorry for the noob question, i don’t know where to find the TOs 5 image. The medkit i downloaded on Index of /omnia/medkit/ seems to be a TOs3

commar · January 4, 2022, 12:48pm

Manual migration:

opkg update
opkg install wget
wget https://repo.turris.cz/hbs/medkit/omnia-medkit-latest.tar.gz
schnapps import -f omnia-medkit-latest.tar.gz
schnapps rollback factory
reboot

EDIT: Thank you @Pepe for the correction.

Pepe · January 5, 2022, 7:44am

Let’s try to summon here @Stepan, who responded to your support’s ticket. It would be nice to have a solution here as well because it might be possible that someone else experience this issue.

Seb · January 5, 2022, 1:38pm

Hi everybody

Thanks for your help.
I managed to flash the TurrisOS 5.3.3 using the medkit. It seems that the issue was my USB drive. Just changed the drive and it flashed.

Unfortunately, i’m getting an error and can’t use Web Interface (the landingpage does not show any applications, /foris/ send error 404, /luci/ seems to be working)

On ReForis, i Get the error Controller Missing. (see attachment)

I managed to get an access on the serial, and to luci by setting a password with the serial interface, but the solution on this thread (Can not use Reforis on TOS 5+ - ControllerMissing - #21 by cynerd - SW help - Turris forum) isn’t working

I’ll try to configure the WAN access in order to run a OPKG update and install packages they’re talking about on this thread.

viktor · January 5, 2022, 1:57pm

Welcome to our club.

Seb · January 5, 2022, 5:30pm

I managed to configure my WAN via Serial Port. And now, i’d like to do an opkg update and install some missing packages, but my dear SSL error is back in the game T_T

viktor · January 5, 2022, 5:40pm

Sounds like network issue during communication between Omni and the server. Any other devices in your network?

Seb · January 5, 2022, 5:42pm

The turris WAN port is link to provider box. My laptop on LAN1
Nothing else on this network
But i don’t understand why after many factory reset i still get a fucking SSL error :o

Seb · January 5, 2022, 5:44pm

When i try to wget the packages that failed with opkg i get

OpenSSL error:1408F119:SSL_routines:ssl3_get_record:decryption failed or bad record mac
Unable to establish SSL connection

viktor · January 5, 2022, 5:46pm

What is the provider box?

Because it’s probably network problem.

Seb · January 5, 2022, 5:47pm

But I can download some files on the same repo. That make no sense. I’m able to wget /hbs/omnia/packages/core/Packages.gz

But unable to download, on the same repo /hbs/omnia/packages/turrispackages/Packages.sic

Seb · January 5, 2022, 5:48pm

Ok i should try to connect my wan directly on the ONT then
But i still don’t understand why i can download some files on the repo and can’t others files

hagrid · January 6, 2022, 8:04am

Hello,
can you try to run the pkgupdate command? It is a CLI utility to trigger the updater and it should handle the rest.

Seb · January 6, 2022, 9:54pm

Hello
Sadly, same error with pkgupdate

I tried not to use the wan port, and use the wifi as wwan but same errors.
When i try to wget manually the packages, i must wget 4 or 5 times each file to manage to download one time without this error.

Seb · January 10, 2022, 3:07pm

So i managed to configure the WAN directly on the ONT output, deleting the ISP router.
But same issues with OPKG Update (wget returned 4) and pkgupdate (error:1408F119:SSL decryption failed or bad record mac)

I realized that my ISP doesnt provide any IPv6, and saw on OpenWRT forum that wget error 4 may occur when opkg tries to use IPv6. Could you please help me to force opkg to use IPv4 ?

Seb · January 10, 2022, 3:48pm

After a small miracle, i managed to do an opkg update successfully

I so wanted to follow Can not use Reforis on TOS 5+ - ControllerMissing - SW help - Turris forum tutorial in order to install those packages. But i got a new error :

Now, i don’t have a Missing Controller error anymore, but an Error 500 on /reforis/

viktor · January 11, 2022, 12:26pm

It’s not miracle, it’s network. Otherwise congratulations!

Welcome to the club.