On Fri, Jan 06, 2017 at 10:48:37AM -0500, RD Thrush wrote:
> On 01/06/17 06:28, Stuart Henderson wrote:
> > Related to this (and particularly thinking about autoinstalls),
> > would it make sense to allow explicit protocols in the hostname?
> >
> > some.host -> https with http fallback
> > http://some.host/ -> http only
> > https://some.host/ -> https only, no fallback
>
> That would totally work for my install problem.
>
> FWIW, instead of running a patched install.sub, "rm /etc/ssl/cert.pem" makes
> the install bypass the https attempt.
>

Note, if you're upgrading or otherwise have a way to get a cert.pem bundle
onto there to *replace* the default, you could always drop the signer for
your private self-signed server into the cert.pem bundle, at which point it
would be accepted as trusted.

Of course, if you're just installing you have an interesting chicken and egg
problem, unless you put it somewhere on an https site that does have a real
certificate, drop out of the installer and do

    ftp -o /tmp/mysigner.pem https://my.secure.site/mysigner.pem
    cat /tmp/mysigner.pem >> /etc/ssl/cert.pem

then continue the install, and you're good.

Almost wonder if it's worth an extra question in the installer to ask for an
https address to retrieve a certificate bundle to be appended to cert.pem for
the install...
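
The append step from the message above, as an added example that is not part of the original post or of the OpenBSD installer: a guarded version of `cat /tmp/mysigner.pem >> /etc/ssl/cert.pem` that refuses anything other than one PEM certificate, skips a signer already in the bundle, and keeps the original bundle. The function name `append_signer`, its return codes and the `.orig` backup suffix are assumptions made for this example; it checks PEM framing only and does not establish that the certificate is the one you intended to trust.

```sh
# Added example (hypothetical helper, not from the installer).
# append_signer BUNDLE SIGNER
#   0 = appended, 1 = SIGNER rejected, 2 = SIGNER already in BUNDLE
append_signer() {
    as_bundle=$1
    as_signer=$2
    [ -f "$as_bundle" ] && [ -r "$as_signer" ] || return 1

    # A trust anchor file should never carry key material.
    if grep -q 'PRIVATE KEY-----' "$as_signer"; then return 1; fi

    # Require exactly one certificate block.
    as_b=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$as_signer" || true)
    as_e=$(grep -c '^-----END CERTIFICATE-----$' "$as_signer" || true)
    [ "$as_b" -eq 1 ] && [ "$as_e" -eq 1 ] || return 1

    # Flatten the base64 body and reject anything outside the alphabet
    # (an HTML error page saved by the fetch fails here or above).
    as_body=$(sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' \
        "$as_signer" | grep -v '^-----' | tr -d '\r\n')
    case $as_body in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac

    # Walk the bundle certificate by certificate and look for the same body.
    if awk -v want="$as_body" '
        /^-----BEGIN CERTIFICATE-----/ { cur = ""; inside = 1; next }
        /^-----END CERTIFICATE-----/   { if (cur == want) found = 1; inside = 0; next }
        inside                         { sub(/\r$/, ""); cur = cur $0 }
        END                            { exit found ? 0 : 1 }' "$as_bundle"
    then
        return 2
    fi

    # Keep the shipped bundle once, then append only the certificate block.
    [ -f "$as_bundle.orig" ] || cp -p "$as_bundle" "$as_bundle.orig"
    {
        echo
        sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' "$as_signer"
    } >> "$as_bundle"
    return 0
}
```

Called as `append_signer /etc/ssl/cert.pem /tmp/mysigner.pem` in place of the `cat` line.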