Re: Allow install from https server w/ self signed cert

2017-01-10 Thread RD Thrush
On 01/06/17 06:28, Stuart Henderson wrote: > Related to this (and particularly thinking about autoinstalls), > would it make sense to allow explicit protocols in the hostname? > > some.host -> https with http fallback > http://some.host/ -> http only > https://some.host/ -> https only, no

Re: Allow install from https server w/ self signed cert

2017-01-07 Thread Theo de Raadt
> On Sat, Jan 07, 2017 at 03:52:04PM -0700, Theo de Raadt wrote: > > > What workarounds would be reasonable and approriate? and does it > > > make sense for OpenBSD to support such scenarios out-of-the-box to > > > promote wider adoption of better software? > > > > If you want buy the

Re: Allow install from https server w/ self signed cert

2017-01-07 Thread Bob Beck
On Sat, Jan 07, 2017 at 03:52:04PM -0700, Theo de Raadt wrote: > > What workarounds would be reasonable and approriate? and does it > > make sense for OpenBSD to support such scenarios out-of-the-box to > > promote wider adoption of better software? > > If you want buy the

Re: Allow install from https server w/ self signed cert

2017-01-07 Thread Theo de Raadt
> What workarounds would be reasonable and approriate? and does it > make sense for OpenBSD to support such scenarios out-of-the-box to > promote wider adoption of better software? If you want buy the OpenBSD-installer-for-drones, contact me offline. That featureset didn't make it into the free

Re: Allow install from https server w/ self signed cert

2017-01-07 Thread Theo de Raadt
> > And we should also ask a firmware question? > > > > Nope. I don't think we should bend over backwards for people doing > > strange things. They are on their own. > > > > Most of the time I agree with this particular attitude and it is indeed > appropriate for the OP case. However, there

Re: Allow install from https server w/ self signed cert

2017-01-07 Thread Bob Beck
On Sat, Jan 07, 2017 at 05:42:24PM -0500, Jacob L. Leifman wrote: > Most of the time I agree with this particular attitude and it is indeed > appropriate for the OP case. However, there some major networks such as > various governments (or for example .mil) that do not participate in > the

Re: Allow install from https server w/ self signed cert

2017-01-07 Thread Jacob L. Leifman
On 7 Jan 2017 at 15:28, Theo de Raadt wrote: > > On Fri, Jan 06, 2017 at 10:48:37AM -0500, RD Thrush wrote: > > > On 01/06/17 06:28, Stuart Henderson wrote: > > > > Related to this (and particularly thinking about autoinstalls), > > > > would it make sense to allow explicit protocols in the

Re: Allow install from https server w/ self signed cert

2017-01-07 Thread Theo de Raadt
> On Fri, Jan 06, 2017 at 10:48:37AM -0500, RD Thrush wrote: > > On 01/06/17 06:28, Stuart Henderson wrote: > > > Related to this (and particularly thinking about autoinstalls), > > > would it make sense to allow explicit protocols in the hostname? > > > > > > some.host -> https with http

Re: Allow install from https server w/ self signed cert

2017-01-07 Thread RD Thrush
On 01/07/17 16:13, Bob Beck wrote: > > On Fri, Jan 06, 2017 at 10:48:37AM -0500, RD Thrush wrote: >> On 01/06/17 06:28, Stuart Henderson wrote: >>> Related to this (and particularly thinking about autoinstalls), >>> would it make sense to allow explicit protocols in the hostname? >>> >>>

Re: Allow install from https server w/ self signed cert

2017-01-07 Thread Bob Beck
On Fri, Jan 06, 2017 at 10:48:37AM -0500, RD Thrush wrote: > On 01/06/17 06:28, Stuart Henderson wrote: > > Related to this (and particularly thinking about autoinstalls), > > would it make sense to allow explicit protocols in the hostname? > > > > some.host -> https with http fallback > >

Re: Allow install from https server w/ self signed cert

2017-01-06 Thread RD Thrush
On 01/06/17 06:28, Stuart Henderson wrote: > Related to this (and particularly thinking about autoinstalls), > would it make sense to allow explicit protocols in the hostname? > > some.host -> https with http fallback > http://some.host/ -> http only > https://some.host/ -> https only, no

Re: Allow install from https server w/ self signed cert

2017-01-06 Thread viq
On Fri, Jan 6, 2017 at 12:33 PM, viq wrote: > I have another issue. I'm preparing OpenBSD vagrant boxes using > https://packer.io and use it's built in http server to serve install.conf > file and siteXY.tgz. The whole setup can be seen at >

Re: Allow install from https server w/ self signed cert

2017-01-06 Thread viq
I have another issue. I'm preparing OpenBSD vagrant boxes using https://packer.io and use it's built in http server to serve install.conf file and siteXY.tgz. The whole setup can be seen at https://github.com/viq/packer-templates/ and specifically

Re: Allow install from https server w/ self signed cert

2017-01-06 Thread Landry Breuil
On Fri, Jan 06, 2017 at 11:28:34AM +, Stuart Henderson wrote: > Related to this (and particularly thinking about autoinstalls), > would it make sense to allow explicit protocols in the hostname? > > some.host -> https with http fallback > http://some.host/ -> http only > https://some.host/ ->

Re: Allow install from https server w/ self signed cert

2017-01-06 Thread Stuart Henderson
Related to this (and particularly thinking about autoinstalls), would it make sense to allow explicit protocols in the hostname? some.host -> https with http fallback http://some.host/ -> http only https://some.host/ -> https only, no fallback

Re: Allow install from https server w/ self signed cert

2017-01-05 Thread Alexander Hall
On January 5, 2017 11:10:06 PM GMT+01:00, Alexander Hall wrote: >What's the point of installing over https if you don't care about >validating the cert? Oh, I read too fast. Please disregard. /Alexander > >On January 5, 2017 12:24:11 PM GMT+01:00, RD Thrush

Re: Allow install from https server w/ self signed cert

2017-01-05 Thread Alexander Hall
What's the point of installing over https if you don't care about validating the cert? On January 5, 2017 12:24:11 PM GMT+01:00, RD Thrush wrote: >Rather than add load to the OpenBSD snapshot servers, for years I >download a snapshot to a local netgear nas server. With