Use SSL in OpenWRT OPKG

After installing OpenWRT Chaos Calmer, I noticed that OPKG calls are performed via HTTP without SSL. Changing to HTTPS was not as simple as adding just one letter ‘s’. Read on for the steps.

Update OPKG list

Before we begin, run:

opkg update

This retrieves the list of updated packages from the official repository.

Replacing wget with latest release build having SSL support

wget is a program for retrieving content from web servers. OpenWRT ships with a built-in wget, but without SSL support due to size constraints. Most routers have very little storage, and many of them barely have enough to hold SSL libraries and/or root certificates.

To install wget with SSL support, run:

opkg install wget

Adding root certificates

For SSL certificates to be validated, root certificates should be added. If you need to save space, however, you should add the required certificates manually. I will only describe how to add root certificates. Run:

opkg install ca-certificates

Adding other dependencies

Add SSL library:

opkg install libustream-openssl

Configuring OPKG to retrieve via HTTPS

If you have LuCI (GUI) installed, enabling SSL is very easy. Navigate to System > Software > Distribution feeds. Replace all http:// URLs with https://.

If you do not have LuCI, you will have to edit /etc/opkg/distfeeds.conf using your preferred editor.
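
For routers without LuCI, the edit can be scripted instead of done by hand. The following is an added example, not part of the original post: it rewrites only the URL field of active feed lines (opkg's `src/gz <name> <url>` form), keeps a `.bak` copy, and reports how many feeds still use plain HTTP. The function names are hypothetical and the sample feed file is constructed from the feed names and host shown in the output below.

```shell
#!/bin/sh
# Added example (not from the original post): switch opkg feeds to HTTPS.
# Feed lines have the form:  src/gz <name> <url>

# Rewrite http:// to https:// in the URL field of feed lines only.
# Comments and option lines are left alone; a backup is kept in <file>.bak.
feeds_to_https() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    awk '($1 == "src/gz" || $1 == "src") && $3 ~ /^http:\/\// {
             sub(/http:\/\//, "https://")
         }
         { print }' "$conf.bak" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Print the number of active feed lines that still use plain HTTP.
count_http_feeds() {
    awk '($1 == "src/gz" || $1 == "src") && $3 ~ /^http:\/\// { n++ }
         END { print n + 0 }' "$1"
}

# Constructed sample file; feed names and host mirror the output on this page.
make_sample() {
    cat > "$1" <<'EOF'
src/gz reboot_core http://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/packages
src/gz reboot_base http://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/base
# src/gz disabled_feed http://example.invalid/packages
src/gz reboot_luci https://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/luci
EOF
}

# Demonstration on a temporary copy, so nothing under /etc is touched.
demo() {
    f="$(mktemp)"
    make_sample "$f"
    echo "before: $(count_http_feeds "$f") feed(s) on http"
    feeds_to_https "$f"
    echo "after:  $(count_http_feeds "$f") feed(s) on http"
    cat "$f"
    rm -f "$f" "$f.bak"
}
demo
```

On the router itself, call `feeds_to_https /etc/opkg/distfeeds.conf` and confirm that `count_http_feeds /etc/opkg/distfeeds.conf` prints 0 before running the test below.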

Testing

Perform an update:

opkg update

You should see the following output:

Downloading https://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_core
Downloading https://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/packages/Packages.sig
Signature check passed.
Downloading https://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/base/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_base
Downloading https://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/base/Packages.sig
Signature check passed.
Downloading https://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_luci
Downloading https://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/luci/Packages.sig
Signature check passed.
Downloading https://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_packages
Downloading https://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/packages/Packages.sig
Signature check passed.
Downloading https://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_routing
Downloading https://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/routing/Packages.sig
Signature check passed.
Downloading https://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/reboot_telephony
Downloading https://downloads.lede-project.org/releases/17.01.4/packages/mips_24kc/telephony/Packages.sig
Signature check passed.