Use SSL in OpenWRT OPKG

  • Last updated on April 10, 2016
  • Network

After installing OpenWRT Chaos Calmer, I noticed that OPKG calls are performed via HTTP without SSL. Changing to HTTPS was not as simple as adding just one letter ’s’. Read on for the steps.

Update OPKG list

Before we begin, run opkg update. This will retrieve list of updated packages from the official repository.

ReplacingĀ wget with latest release build havingĀ SSL support

wget is a program for retrieving content from web servers. OpenWRT comes with that builtin but without SSL support due to size constraints. Most routers have tiny storage capacity with a lot of them barely having enough to store SSL libraries and/or root certificates.

To install wget with SSL support, run opkg install wget.

Adding root certificates

In order for SSL certificates to be validated, root certificates should be added. If you need to save space however, you should add required certificates manually. I will only be describing how to add root certificates, run opkg install ca-certificates.

Configuring OPKG to retrieve via HTTPS

If you have LuCI (GUI) installed, enabling SSL is very easy. Navigate to System > Software > Distribution feeds. Replace all http:// URLs to https://.

If you do not have LuCI, you will have to edit /etc/opkg/distfeeds.conf using your preferred editor.

Testing

Perform an update, opkg update. Packages should be retrievable.