danergo
Posts: 11
Joined: Thu Oct 12, 2017 1:44 pm

Pi Zero W not able to handle SSL (https) downloads [DietPi]

Fri Apr 24, 2020 7:01 am

I have a new Pi Zero W.

I'm trying to install a Debian (DietPi) onto it but it always fails.
I don't have a keyboard and external monitor, so I choose a headless install with predefined wifi key and SSID.

The problem is absolutely wierd (wlan0 interface works for sure, because that's the only way now to reach it via SSH and it works):

Pinging an IP address works:

Code: Select all

root@DietPi:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=53 time=9.95 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=53 time=13.0 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=53 time=12.1 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=53 time=15.0 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 7ms
rtt min/avg/max/mdev = 9.949/12.523/15.039/1.829 ms
Pinging a domain name (using DNS) works too:

Code: Select all

root@DietPi:~# ping google.com
PING google.com (172.217.19.174) 56(84) bytes of data.
64 bytes from zrh04s07-in-f14.1e100.net (172.217.19.174): icmp_seq=1 ttl=53 time=10.1 ms
64 bytes from zrh04s07-in-f14.1e100.net (172.217.19.174): icmp_seq=2 ttl=53 time=12.7 ms
64 bytes from zrh04s07-in-f14.1e100.net (172.217.19.174): icmp_seq=3 ttl=53 time=12.9 ms
64 bytes from zrh04s07-in-f14.1e100.net (172.217.19.174): icmp_seq=4 ttl=53 time=13.2 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 7ms
rtt min/avg/max/mdev = 10.102/12.236/13.163/1.248 ms
Let's download a file from http (works too):

Code: Select all

root@DietPi:~# wget http://archive.raspberrypi.org/debian/dists/buster/InRelease
--2020-04-24 07:49:31--  http://archive.raspberrypi.org/debian/dists/buster/InRelease
Resolving archive.raspberrypi.org (archive.raspberrypi.org)... 176.126.240.86, 46.235.231.151, 46.235.230.122, ...
Connecting to archive.raspberrypi.org (archive.raspberrypi.org)|176.126.240.86|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 25112 (25K)
Saving to: ‘InRelease.1’
  
InRelease.1                                                 100%
[========================================================================================================================================>]  24.52K  --.-KB/s    in 0.1s
    
2020-04-24 07:49:32 (174 KB/s) - ‘InRelease.1’ saved [25112/25112]

Okay, now problem: let's download the same file from https:

Code: Select all

root@DietPi:~# wget https://archive.raspberrypi.org/debian/dists/buster/InRelease
--2020-04-24 07:49:37--  https://archive.raspberrypi.org/debian/dists/buster/InRelease
Resolving archive.raspberrypi.org (archive.raspberrypi.org)... 93.93.135.117, 176.126.240.167, 46.235.231.111, ...
Connecting to archive.raspberrypi.org (archive.raspberrypi.org)|93.93.135.117|:443... connected.
This one hangs forever and can not continue. Due to this `apt` is not able upgrade or install anything.

I did one more step:

Code: Select all

root@DietPi:~# wget -d https://archive.raspberrypi.org/debian/dists/buster/InRelease
DEBUG output created by Wget 1.20.1 on linux-gnueabihf.

Reading HSTS entries from /root/.wget-hsts
URI encoding = ‘UTF-8’
Converted file name 'InRelease' (UTF-8) -> 'InRelease' (UTF-8)
--2020-04-24 07:52:26--  https://archive.raspberrypi.org/debian/dists/buster/InRelease
Certificates loaded: 128
Resolving archive.raspberrypi.org (archive.raspberrypi.org)... 176.126.240.86, 93.93.135.117, 176.126.240.167, ...
Caching archive.raspberrypi.org => 176.126.240.86 93.93.135.117 176.126.240.167 46.235.231.111 93.93.135.118 46.235.227.39 176.126.240.84 46.235.231.145 46.235.230.122 46.235.231.151 2a00:1098:88:26::1 2a00:1098:88:26::1:1 2a00:1098:84:1e0::1 2a00:1098:82:47::1:1 2a00:1098:80:56::2:1 2a00:1098:88:26::2:1 2a00:1098:84:1e0::2 2a00:1098:80:56::1:1 2a00:1098:84:1e0::3 2a00:1098:82:47::1
Connecting to archive.raspberrypi.org (archive.raspberrypi.org)|176.126.240.86|:443... connected.
Created socket 3.
Releasing 0x00f0a8d0 (new refcount 1).
GnuTLS: Error in the pull function.
Closed fd 3
Unable to establish SSL connection.
root@DietPi:~#
What shall be the problem here? Obviously not some bad certificate I have never seen like this before.

Trying this on another PI (at different location) works without issues.

Trying this from the same internet connection (same location) where the PiZero is works also.

Return to “Other”