Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wget and curl didn't working on https #194

Closed
manesec opened this issue Sep 9, 2022 · 5 comments
Closed

wget and curl didn't working on https #194

manesec opened this issue Sep 9, 2022 · 5 comments
Labels
stale issue is inactive for long time

Comments

@manesec
Copy link

manesec commented Sep 9, 2022

Hi, I am trying to install it in termux,

curl -L -o install.sh https://bit.ly/udroid-installer 
# run the installer 
bash install.sh 
# Install ubuntu with this command 
udroid -i xfce4

After it finish, I try to logout and login again, and using vnc to connect:

~ $ proot-distro login udroid-impish-xfce4
root@localhost:~# vnc
vncconfig   vncpasswd   vncserver   vncsession  vncviewer
root@localhost:~# vncserver

However, I try to open terminal and type wget and curl it show error:

root@localhost:~# curl http://google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>

root@localhost:~# curl https://google.com
curl: (35) Insufficient randomness

root@localhost:~# wget https://google.com
--2022-09-09 15:54:14--  https://google.com/
Could not seed PRNG; consider using --random-file.
OpenSSL: error:1C8000BD:Provider routines::error retrieving entropy
OpenSSL: error:1200006C:random number generator::error instantiating drbg
Disabling SSL due to encountered errors.

root@localhost:~#

It seem to /dev/random have some issue, but I can't solve, Is anyone have idea to solve this problem ?
@manesec manesec added documentation Improvements or additions to documentation question Further information is requested labels Sep 9, 2022
@SaicharanKandukuri SaicharanKandukuri removed documentation Improvements or additions to documentation question Further information is requested labels Sep 9, 2022
@SaicharanKandukuri
Copy link
Member

@manesec I can recreate this problem with devices I have

try to reach devs in this similar issue

@manesec
Copy link
Author

manesec commented Sep 9, 2022

I found that on the termux will no problem, but in proot will have this issue.

~ $ curl https://google.com -v                                                                                                                              *   Trying 142.250.204.46:443...                                                                                                                            * Connected to google.com (142.250.204.46) port 443 (#0)
* ALPN, offering h2                                                                                                                                         * ALPN, offering http/1.1
*  CAfile: /data/data/com.termux/files/usr/etc/tls/cert.pem                                                                                                 *  CApath: /data/data/com.termux/files/usr/etc/tls/certs                                                                                                    * TLSv1.3 (OUT), TLS handshake, Client hello (1):                                                                                                           * TLSv1.3 (IN), TLS handshake, Server hello (2):                                                                                                            * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):                                                                                                    * TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):                                                                                                               * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):                                                                                                 * TLSv1.3 (OUT), TLS handshake, Finished (20):                                                                                                               * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384                                                                                                     * ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.google.com
*  start date: Aug 22 08:22:36 2022 GMT                                                                                                                     *  expire date: Nov 14 08:22:35 2022 GMT                                                                                                                    *  subjectAltName: host "google.com" matched cert's "google.com"                                                                                            *  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3                                                                                                 *  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)                                                                                                               * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0                                                                            * Using Stream ID: 1 (easy handle 0x7f782a5800)
> GET / HTTP/2                                                                                                                                              > Host: google.com                                                                                                                                          > user-agent: curl/7.81.0
> accept: */*                                                                                                                                               >                                                                                                                                                           * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 301
< location: https://www.google.com/
< content-type: text/html; charset=UTF-8                                                                                                                    < date: Fri, 09 Sep 2022 16:41:09 GMT                                                                                                                       < expires: Sun, 09 Oct 2022 16:41:09 GMT
< cache-control: public, max-age=2592000
< server: gws
< content-length: 220
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">[[here](https://www.google.com/)](https://www.google.com/)</A>.
</BODY></HTML>
* Connection #0 to host google.com left intact

~ $ proot-distro login udroid-impish-xfce4 --shared-tmp --isolated

root@localhost:~# curl https://google.com -v
*   Trying 142.250.204.46:443...
* Connected to google.com (142.250.204.46) port 443 (#0)
* Insufficient randomness
* Closing connection 0
curl: (35) Insufficient randomness

root@localhost:~#

ping working on the proof, dns also working, but dig also show openssl have same error like wget and curl.

root@localhost:~# ping yahoo.com
PING yahoo.com (74.6.143.26) 56(84) bytes of data.
64 bytes from media-router-fp74.prod.media.vip.bf1.yahoo.com (74.6.143.26): icmp_seq=1 ttl=48 time=349 ms
From 192.168.31.3 (192.168.31.3) icmp_seq=2 Redirect Host(New nexthop: 1.31.168.192 (1.31.168.192))
64 bytes from media-router-fp74.prod.media.vip.bf1.yahoo.com (74.6.143.26): icmp_seq=2 ttl=48 time=253 ms
64 bytes from media-router-fp74.prod.media.vip.bf1.yahoo.com (74.6.143.26): icmp_seq=3 ttl=48 time=290 ms
64 bytes from media-router-fp74.prod.media.vip.bf1.yahoo.com (74.6.143.26): icmp_seq=4 ttl=48 time=415 ms
64 bytes from media-router-fp74.prod.media.vip.bf1.yahoo.com (74.6.143.26): icmp_seq=5 ttl=48 time=245 ms
64 bytes from media-router-fp74.prod.media.vip.bf1.yahoo.com (74.6.143.26): icmp_seq=6 ttl=48 time=255 ms
^C
--- yahoo.com ping statistics ---
6 packets transmitted, 6 received, +1 errors, 0% packet loss, time 5007ms
rtt min/avg/max/mdev = 244.820/301.242/415.266/61.998 ms

root@localhost:~# dig yahoo.com
tls.c:120: fatal error: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)
Aborted

@SaicharanKandukuri
Copy link
Member

I did some digging and found out it could probably be a device-specific issue

@stale
Copy link

stale bot commented Sep 20, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale issue is inactive for long time label Sep 20, 2022
@stale
Copy link

stale bot commented Sep 27, 2022

Time to close this BrownSpiffyEmperorshrimp-size_restricted

@stale stale bot closed this as completed Sep 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale issue is inactive for long time
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@manesec @SaicharanKandukuri