Use SSL in OpenWRT OPKG

After installing OpenWRT Chaos Calmer, I noticed that OPKG calls are performed via HTTP without SSL. Changing to HTTPS was not as simple as adding just one letter ’s’. Read on for the steps.

Update OPKG list

Before we begin, run:

opkg update

This will retrieve list of updated packages from the official repository.

ReplacingĀ wget with latest release build havingĀ SSL support

wget is a program for retrieving content from web servers. OpenWRT comes with that builtin but without SSL support due to size constraints. Most routers have tiny storage capacity with a lot of them barely having enough to store SSL libraries and/or root certificates.

To install wget with SSL support, run:

opkg install wget

Adding root certificates

In order for SSL certificates to be validated, root certificates should be added. If you need to save space however, you should add required certificates manually. I will only be describing how to add root certificates, run:

opkg install ca-certificates

Configuring OPKG to retrieve via HTTPS

If you have LuCI (GUI) installed, enabling SSL is very easy. Navigate to System > Software > Distribution feeds. Replace all http:// URLs to https://.

If you do not have LuCI, you will have to edit /etc/opkg/distfeeds.conf using your preferred editor.

Testing

Perform an update:

opkg update

You should be seeing the following output:

Downloading https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/base/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_base.
Downloading https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/base/Packages.sig.
Signature check passed.
Downloading https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/luci/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_luci.
Downloading https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/luci/Packages.sig.
Signature check passed.
Downloading https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_packages.
Downloading https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/packages/Packages.sig.
Signature check passed.
Downloading https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/routing/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_routing.
Downloading https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/routing/Packages.sig.
Signature check passed.
Downloading https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/telephony/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_telephony.
Downloading https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/telephony/Packages.sig.
Signature check passed.
Downloading https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/management/Packages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_management.
Downloading https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/management/Packages.sig.
Signature check passed.

Support Me

If this post helped you, would you buy me a cup of tea/coffee?