Closed meyergru closed 6 years ago
umm yes i need to add -K to the script as normally the modem doesn't have certificate
about version... well it's another bug... problem is that you are not connected to dslam i think
(or can you give me xdslctl info --vendor output ? )
Yes, I think so. Here is the output.
# xdslctl info --vendor
xdslctl: ADSL driver and PHY status
Status: Idle
Last Retrain Reason: 0
Last initialization procedure status: 0
ChipSet Vendor Id:
ChipSet VersionNumber:
ChipSet SerialNumber:
The '-k' switch would be needed for version checks as well, in fact everywhere when curl is used for ilpuntotecnico repo (e.g. the cron script). The better option woul be to add Letsencrypt CA to the cert chain. I can look into that...
and it's already like that ;)
anyway i fixed the error with no dsl
The "-k" option is potentially unsafe against MITM-attacks.
About the "better" option: curl can use a --cacert (bundle or single cert) or a --capath parameter.
The Letsencrypt CA certs are not contained in the default path /etc/ssl/certs - nor are most other CAs. One could provide a standard set of CAs in a bundle.
Alas, the usual cert bundle file is named ca-certificates.crt, but it is not compiled into the curl version in openwrt, so what would be needed is:
or:
I tried to switch the DSL driver via GUI. At first sight, it seems to work, i.e. that the dropdown showed the version A2pvfbH043o.d26r.
After a reboot, I get this message as long as the DSL connection is still down:
That is probably because xdslctl does not show a version at all (or that one cannot be translated to a correct display value).
However, /etc/adsl/adsl_phy.bin was not replaced.
I think that the works at ilpuntotecnico could be the culprit. When I try to download any file with curl from there, I see a certificate error: