[PATCH 1/3] build: add libustream and certs to default pkgs
Henrique de Moraes Holschuh
henrique at nic.br
Tue Sep 15 17:19:33 EDT 2020
On 27/08/2020 18:47, Paul Spooren wrote:
> To allow HTTPS usage on a router it requires both certificates
> (ca-bundle) and a fitting libustream library (libustream-wolfssl)
>
> By adding both, uclient-fetch and wget can connect to encrypted HTTP.
>
> This allows opkg to update package lists in a more secure fashion.
It is also a FLASH pig IMHO: not as bad as, say, openssl, but ca-bundle
is still Not Small[tm] :-(
ca-bundle could benefit from some Kconfig-enforced mega diet:
[ ] Let's Encrypt and its alternative roots
[ ] Openwrt.org's packages
[ ] custom path -> (some path where we can add custom certificates,
with a default of certs/)
[ ] All other certificates we'd usually package in ca-bundle
Default would be something that gets us all the current certificates in
ca-bundle, and maybe just the custom path or LE for the SMALL_FLASH version.
--
Henrique de Moraes Holschuh
www.nic.br
More information about the openwrt-devel
mailing list