lixuewei / rt-n56u

Automatically exported from code.google.com/p/rt-n56u

TLS/SSL compatible Wget or cURL for HTTPS (with Root Certificate Authority list) #1119

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Firmware: 3.0.3.7-072  (RT-N65U_3.0.3.7-072_full.trx)

Gist of the problem:
 1. Navigate to "Advance Settings" > "Administration" > "Console"
 2. wget https://duckduckgo.com   (example URL)

This is the output:
<pre>
  wget: not an http or ftp url: https://duckduckgo.com/
</pre>

I ultimately reached the above problem while trying to set up DDNS to work 
properly with DNS-o-Matic. Initially, my issue was to omit putting a hostname so 
that all services attached to DNS-o-Matic would update appropriately, but a 
hostname is required, thus I used "all.dnsomatic.com". However, 
"all.dnsomatic.com" is not resolvable, thus inadyn keeps spam updating all the 
services even if the IP has not changed (every 10 minutes).

Below is a log sample of using "all.dnsomatic.com" as hostname:
<pre>
Jan 11 08:13:21 inadyn[14815]: Inadyn version 1.99.2 -- Dynamic DNS update client.
Jan 11 08:13:21 inadyn[14815]: Failed resolving hostname all.dnsomatic.com: Name or service not known
Jan 11 08:13:21 inadyn[14815]: Checking for IP# change, querying interface ppp0
Jan 11 08:13:21 inadyn[14815]: Update needed for alias all.dnsomatic.com, new IP# **.**.***.***
Jan 11 08:13:21 inadyn[14815]: Sending IP# update to DDNS server, connecting to updates.dnsomatic.com(67.215.92.215)
Jan 11 08:13:23 inadyn[14815]: Sending alias table update to DDNS server:
Jan 11 08:13:23 inadyn[14815]: GET /nic/update?hostname=all.dnsomatic.com&myip=**.**.***.*** HTTP/1.0^M Host: updates.dnsomatic.com^M Authorization: Basic O5WUeTkHr3jPYtoBqWBCH8uw0Rz2FOYsLl2C^M User-Agent: inadyn/1.99.2 admin@vampik.ru^M ^M
Jan 11 08:13:23 inadyn[14815]: Successful alias table update for all.dnsomatic.com => new IP# **.**.***.***
Jan 11 08:13:23 inadyn[14815]: DDNS server response:
Jan 11 08:13:23 inadyn[14815]: HTTP/1.1 200 OK^M Server: Apache^M Vary: Accept-Encoding^M Content-Type: text/html^M Content-Length: 19^M Accept-Ranges: bytes^M Date: Sat, 11 Jan 2014 13:13:23 GMT^M X-Varnish: 3920777550^M Age: 0^M Via: 1.1 varnish^M Connection: close^M ^M good **.**.***.***
</pre>

On the other hand, while trying to keep spam updating to a strict minimum, 
actual domain names that are pointing to the PPPoE session IP cannot be used 
because DNS-o-Matic is not set up on a "domain.com" --> "IP" basis but rather 
"external services" --> "IP" basis (such as uptime monitoring services, VPN 
services, chain DNS services, etc.). Hence, DNS-o-Matic keeps responding with 
the error "nohost" as it is trying to find the specific host passed by inadyn.

Below is a log sample of using an actual domain name that should resolve into 
the WAN IP:
<pre>
Jan 11 07:48:54 inadyn[13165]: Checking for IP# change, querying interface ppp0
Jan 11 07:48:54 inadyn[13165]: No IP# change detected, still at **.**.***.***
Jan 11 07:48:54 inadyn[13165]: Sending IP# update to DDNS server, connecting to updates.dnsomatic.com(67.215.92.215)
Jan 11 07:48:55 inadyn[13165]: Sending alias table update to DDNS server:
Jan 11 07:48:55 inadyn[13165]: GET /nic/update?hostname=*******************&myip=**.**.***.*** HTTP/1.0^M Host: updates.dnsomatic.com^M Authorization: Basic O5WUeTkHr3jPYtoBqWBCH8uw0Rz2FOYsLl2C^M User-Agent: inadyn/1.99.2 admin@vampik.ru^M ^M
Jan 11 07:48:55 inadyn[13165]: Fatal error in DDNS server response:
Jan 11 07:48:55 inadyn[13165]: [200 OK] nohost
Jan 11 07:48:55 inadyn[13165]: DDNS server response:
Jan 11 07:48:55 inadyn[13165]: HTTP/1.1 200 OK^M Server: Apache^M Vary: Accept-Encoding^M Content-Type: text/html^M Content-Length: 6^M Accept-Ranges: bytes^M Date: Sat, 11 Jan 2014 12:48:55 GMT^M X-Varnish: 3919943496^M Age: 0^M Via: 1.1 varnish^M Connection: close^M ^M nohost
Jan 11 07:48:55 inadyn[13165]: Will retry again in 600 sec...
</pre>

Moreover, the DDNS update period is static, hence I am compelled to use the lowest 
interval (10 minutes) to keep sending updates to DNS-o-Matic simply so that 
whenever the WAN IP changes it is caught as quickly as possible (within 10 
minutes here; but that is not fixing the real issue of spam updating). I would 
have preferred if DDNS was just monitoring the PPPoE session IP and sent an 
update to DNS-o-Matic as soon as it changed.

Finally, I went ahead with the "Advance Settings" > "Administration" > "Tweaks" 
section where I could add my own scripts for WAN up/down Events. While doing 
so, I found out that the current firmware did not have any SSL capable cURL or 
Wget utilities.

I can understand why one would not want to include a bundle of pre-approved 
ROOT CA certificates for SSL/TLS to work. Nonetheless, adding the option in the 
web interface for uploading our own CA list would help alleviate that concern.

The update link could be as simple as running the following command and 
appending its output to the system log as soon as a WAN up event is triggered:
<pre>
curl -L "https://username:password@updates.dnsomatic.com/nic/update?wildcard=NOCHG&mx=NOCHG&backmx=NOCHG"
</pre>

Long story short, including an SSL-capable Wget or cURL utility would help a lot.

Here are some helpful references:
DNS-o-Matic API [ http://dnsomatic.com/wiki/api#sample_updates ]

Original issue reported on code.google.com by yojiro....@gmail.com on 11 Jan 2014 at 2:40
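
One way to write the WAN-up update described in the post above, as an added example that is not part of the original issue or the firmware: it contacts DNS-o-Matic only when the IP differs from the last one accepted, verifies the server certificate against a user-supplied CA file, and reads the credentials from a netrc file instead of the URL. The file paths, the function names and the "--run <ip>" calling convention are assumptions, and it presumes a TLS-capable curl is installed.

```sh
#!/bin/sh
# Added example, not firmware code. Paths, function names and the "--run <ip>"
# calling convention are assumptions; a TLS-capable curl must be installed.
CA_FILE="${CA_FILE:-/path/to/ca-bundle.pem}"   # root CA list you supply
NETRC="${NETRC:-/path/to/dnsomatic.netrc}"     # machine updates.dnsomatic.com login USER password PASS
CACHE="${CACHE:-/tmp/dnsomatic.lastip}"        # last IP DNS-o-Matic accepted
URL="https://updates.dnsomatic.com/nic/update?wildcard=NOCHG&mx=NOCHG&backmx=NOCHG"

# Succeeds when $1 differs from the cached IP (or nothing is cached yet).
ip_changed() {
    [ ! -f "$CACHE" ] || [ "$(cat "$CACHE")" != "$1" ]
}

# Succeeds only for a "good ..." body; "nohost" and anything else fail.
check_reply() {
    case "$1" in
        good*) return 0 ;;
        *)     return 1 ;;
    esac
}

# HTTPS request with certificate verification; credentials come from the
# netrc file, so they are not in the URL or on the curl command line.
send_update() {
    curl --silent --show-error --fail --max-time 30 \
         --cacert "$CA_FILE" --netrc-file "$NETRC" "$URL&myip=$1"
}

wan_up_hook() {
    ip="$1"
    ip_changed "$ip" || { logger -t dnsomatic "no IP change, still at $ip"; return 0; }
    reply="$(send_update "$ip")" || { logger -t dnsomatic "request failed"; return 1; }
    if check_reply "$reply"; then
        echo "$ip" > "$CACHE"              # remember only accepted updates
        logger -t dnsomatic "update accepted: $reply"
    else
        logger -t dnsomatic "update rejected: $reply"
        return 1
    fi
}

if [ "${1:-}" = "--run" ]; then wan_up_hook "$2"; fi
```

Because the cache is written only after a "good" reply, a rejected or failed update is retried on the next WAN-up event instead of being silently skipped.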

GoogleCodeExporter commented 9 years ago
Both curl and wget-https can and should be installed via Entware.

opkg update
opkg install curl
opkg wget

Original comment by c_u_late...@hotmail.com on 1 Feb 2014 at 11:15

GoogleCodeExporter commented 9 years ago
{{{
opkg update
opkg install curl
opkg install wget
}}}

Original comment by Dr.Sydorenko.O on 2 Feb 2014 at 4:56

GoogleCodeExporter commented 9 years ago
It can be done without Entware. See openssl s_client -h for details

Original comment by d...@soulblader.com on 24 Jan 2015 at 6:43