On Fri, Jan 06, 2017 at 10:48:37AM -0500, RD Thrush wrote:
> On 01/06/17 06:28, Stuart Henderson wrote:
> > Related to this (and particularly thinking about autoinstalls),
> > would it make sense to allow explicit protocols in the hostname?
> > 
> > some.host -> https with http fallback
> > http://some.host/ -> http only
> > https://some.host/ -> https only, no fallback
> 
> That would totally work for my install problem.
> 
> FWIW, instead of running a patched install.sub, "rm /etc/ssl/cert.pem" makes 
> the install bypass the https attempt.
> 

Note, if you're upgrading or otherwise have a way to et a cert.pem bundle onto 
there to *replace*
the default, you could always drop the signer for your private self-signed 
server into the cert.pem
bundle, at which point it would be accepted as trusted. 

of course if you're just installing you have an interesting chicken and egg 
problem, unless
you put it somewhere on an https site that does have a real certificate, drop 
out of the
installer and do

ftp -o /tmp/mysigner.pem https://my.secure.site/mysigner.pem
cat /tmp/mysigner.pem >> /etc/ssl/cert.pem

then continue the install, and you're good. 

Almost wonder if it's worth an extra question in the installer to ask
for an https address to retrieve a certficiate bundle to be appended to cert.pem
for the install...





Reply via email to