Turris 1.0 problém s SSL

Ahoj,

po delší době jsem vytáhl ze šuplíku Turris 1.0 a byl jsem překvapen že stále funguje.
Nicméně jsem se ho pokusil aktualizovat a nešlo to, nefungovalo korektně DNS.
Nefunkčnost DNS jsem se pokus sil řešit různě, ale zabral až post : Nefunguje DNS, ale jen na Turrise - #15 by RomanHK .

Bohužel bod 4, se nedal realizovat, ale tím pádem mám problém s SSL a nemůžu s modrákem přejít na “btrfs”…

je nějaké jednoduché řešení ?

při pokusu o “opkg update” to píše

BusyBox v1.25.1 (2017-08-01 17:18:39 CEST) built-in shell (ash)


|__ || | | || __ \ | __ \ | _| / ____|
| | | | | || |
) || |) | | | | (__
| | | | | || _ / | _ / | | ___ \
| | | || || | \ \ | | \ \ | | ) |
|
| _
/ || _|| _|
||__/

root@turris:~# opkg update
Downloading https://repo.turris.cz/turris/packages//base/Packages.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
*** Failed to download the package list from https://repo.turris.cz/turris/packages//base/Packages.gz

Downloading https://repo.turris.cz/turris/packages//lucics/Packages.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
*** Failed to download the package list from https://repo.turris.cz/turris/packages//lucics/Packages.gz

Downloading https://repo.turris.cz/turris/packages//management/Packages.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
*** Failed to download the package list from https://repo.turris.cz/turris/packages//management/Packages.gz

Downloading https://repo.turris.cz/turris/packages//openwisp/Packages.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
*** Failed to download the package list from https://repo.turris.cz/turris/packages//openwisp/Packages.gz

Downloading https://repo.turris.cz/turris/packages//packages/Packages.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
*** Failed to download the package list from https://repo.turris.cz/turris/packages//packages/Packages.gz

Downloading https://repo.turris.cz/turris/packages//printing/Packages.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
*** Failed to download the package list from https://repo.turris.cz/turris/packages//printing/Packages.gz

Downloading https://repo.turris.cz/turris/packages//routing/Packages.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
*** Failed to download the package list from https://repo.turris.cz/turris/packages//routing/Packages.gz

Downloading https://repo.turris.cz/turris/packages//telephony/Packages.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
*** Failed to download the package list from https://repo.turris.cz/turris/packages//telephony/Packages.gz

Downloading https://repo.turris.cz/turris/packages//turrispackages/Packages.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
*** Failed to download the package list from https://repo.turris.cz/turris/packages//turrispackages/Packages.gz

Collected errors:

Nápovědu máte tady, potřebujete nové certifikáty…

Jsou tady https://repo.turris.cz/turris/packages/base/ca-certificates_20190110-1_mpc85xx.ipk

Děkuji za odpověď, ale bohužel to jsem již instaloval… :frowning:
Tuto skutečnost, jsem zapomněl v úvodním příspěvku zdůraznit…
Dle postupu, dle kterého jsem postupoval bych řekl, že by se měla provést aktualizace /etc/ssl/updater.pem , bohužel nevím jak a kde to sehnat… :frowning:

Předpokládám že restart jsi vyzkoušel.

Ano, restart a factory reset také…

Dobrý den,

ve vašem případě byl router dlouhodobě odpojen a nebyl vyaktualizován na verzi Turris OS 3.10.9 (vydaná 18. prosince 2018), kde jsme v rámci aktualizace připravili aktualizaci verze uložené v záchranném systému a zároveň aby se router dlouho neaktualizoval z velmi staré verze na novou.

Je nutné šáhnout do historie článku v již komunitní dokumentaci a postupovat podle něj:

https://doc.turris.cz/doc/cs/troubleshooting/sdcard_recovery?rev=1548320612

Následně jakmile budete mít verzi 3.6.5, tak by se router měl vyaktualizovat na nejnovější verzi, ale raději zkontrolujte, zda router má správný datum a čas společně s RTC baterkou, novější DNSSEC klíče. Pokud by se nedařilo, tak lze stáhnout nor-update balíček z našeho repozitáře, nainstalovat jej a provést factory reset. Tím byste měl mít verzi 3.8.5.

Posledním krokem bude přejít na Btrfs a na Turris OS 5.x:

Pokud byste si nevěděl rady, tak kolegové z technické podpory vám rádi pomůžou, případně se také můžeme domluvit, že nám router přinesete a já se na něj podívám. :wink: