From: "Theo de Raadt" <deraadt@openbsd.org>
Subject: Re: installer: octeon: enable TLS
To: Klemens Nanni <kn@openbsd.org>
Cc: tech@openbsd.org
Date: Mon, 07 Jul 2025 08:57:45 -0600

Klemens Nanni <kn@openbsd.org> wrote:

> 4 июля 2025 г. 17:55:02 UTC, Klemens Nanni <kn@openbsd.org> пишет:
> >I'd like to be able to fetch things over HTTPS on an EdgeRouter 6P.
> 
> The diff is exactly what other architectures do to get TLS.

In that case, OK deraadt

> I just copied it and verified that there are in fact no restrictions
> preventing this.
> 
> >bsd.rd and miniroot77.img fit, I tested the former via autoinstall(8)
> >and forcing TLS prepending the 'HTTP Server?' response with "https://".
> >
> >Feedback? OK?
> >
> >
> >Index: list
> >===================================================================
> >RCS file: /cvs/src/distrib/octeon/ramdisk/list,v
> >diff -u -p -r1.33 list
> >--- list	28 Apr 2023 01:24:14 -0000	1.33
> >+++ list	3 Jul 2025 21:46:01 -0000
> >@@ -53,7 +53,6 @@ LINK	instbin					sbin/sysctl
> > LINK	instbin					sbin/umount
> > LINK	instbin					usr/bin/doas
> > LINK	instbin					usr/bin/encrypt
> >-LINK	instbin					usr/bin/ftp
> > LINK	instbin					usr/bin/grep usr/bin/egrep usr/bin/fgrep
> > LINK	instbin					usr/bin/gzip usr/bin/gunzip usr/bin/gzcat
> > LINK	instbin					usr/bin/more usr/bin/less
> >@@ -65,6 +64,10 @@ LINK	instbin					usr/sbin/installboot
> > LINK	instbin					usr/sbin/pwd_mkdb
> > ARGVLINK ksh					-sh
> > SPECIAL	rm bin/md5
> >+
> >+SPECIAL awk -f ${UTILS}/trimcerts.awk ${DESTDIR}/etc/ssl/cert.pem etc/ssl/cert.pem
> >+LINK	instbin					usr/bin/ftp-ssl usr/bin/ftp
> >+SPECIAL	rm usr/bin/ftp-ssl
> > 
> > # firmware we might need
> > COPY    ${DESTDIR}/etc/firmware/rsu-rtl8712	etc/firmware/rsu-rtl8712
> >
>