[Resolved] Provide HTTPS interface for download.gl-inet.com

I’ve set up SSL certificates for use and would like to update my packages to be pulled via HTTPS rather than HTTP.

Would you please enable https on the download.gl-inet.com host?

Regards,

Micahel

https is enabled on dl.gl-inet.com
download.gl-inet.com is reserved for compatibility.

I’m looking for a HTTPS interface for package downloads. I’m saying have the download.gl-inet.com support both HTTP and HTTPS requests.

I.e. I’d like to change the below packages to HTTPS. I do not see the “releases” folder available on the dl.gl-inet.com. Would you be able to create a HTTPS mirror?

src/gz glinet_core http://download.gl-inet.com/releases/kmod-3.0/ar71xx/generic
src/gz glinet_base http://download.gl-inet.com/releases/packages-3.x/ar71xx/base
src/gz glinet_gli_pub http://download.gl-inet.com/releases/packages-3.x/ar71xx/gli_pub
src/gz glinet_packages http://download.gl-inet.com/releases/packages-3.x/ar71xx/packages
src/gz glinet_luci http://download.gl-inet.com/releases/packages-3.x/ar71xx/luci
src/gz glinet_routing http://download.gl-inet.com/releases/packages-3.x/ar71xx/routing
src/gz glinet_telephony http://download.gl-inet.com/releases/packages-3.x/ar71xx/telephony
src/gz glinet_glinet http://download.gl-inet.com/releases/packages-3.x/ar71xx/glinet

You are right. Let me check what I can do.

pls use this first. We may change the URL later.

https://dl.gl-inet.com/releases/

I will swap over shortly.

Regards,

Michael

I am attempting to swap to the HTTPS but seem to be running into errors. I’ve followed the steps https://www.leowkahman.com/2016/04/10/use-ssl-openwrt-opkg/ and https://github.com/Entware/Entware/wiki/Using-HTTPS-for-opkg.

Perhaps the wget binary coming from the dl.gl-inet is not up to date for https/SSL?

root@glmifi:~# opkg update
Downloading https://dl.gl-inet.com/releases/kmod-3.0/ar71xx/generic/Packages.gz
*** Failed to download the package list from https://dl.gl-inet.com/releases/kmo                                                                                                                         d-3.0/ar71xx/generic/Packages.gz

Downloading https://dl.gl-inet.com/releases/packages-3.x/ar71xx/base/Packages.gz
*** Failed to download the package list from https://dl.gl-inet.com/releases/pac                                                                                                                         kages-3.x/ar71xx/base/Packages.gz

Downloading https://dl.gl-inet.com/releases/packages-3.x/ar71xx/gli_pub/Packages                                                                                                                         .gz
*** Failed to download the package list from https://dl.gl-inet.com/releases/pac                                                                                                                         kages-3.x/ar71xx/gli_pub/Packages.gz

Downloading https://dl.gl-inet.com/releases/packages-3.x/ar71xx/packages/Package                                                                                                                         s.gz
^C

Would someone else try swapping their repos (after installing ca-certificates and latest wget):

src/gz glinet_core https://dl.gl-inet.com/releases/kmod-3.0/ar71xx/generic
src/gz glinet_base https://dl.gl-inet.com/releases/packages-3.x/ar71xx/base
src/gz glinet_gli_pub https://dl.gl-inet.com/releases/packages-3.x/ar71xx/gli_pub
src/gz glinet_packages https://dl.gl-inet.com/releases/packages-3.x/ar71xx/packages
src/gz glinet_luci https://dl.gl-inet.com/releases/packages-3.x/ar71xx/luci
src/gz glinet_routing https://dl.gl-inet.com/releases/packages-3.x/ar71xx/routing
src/gz glinet_telephony https://dl.gl-inet.com/releases/packages-3.x/ar71xx/telephony
src/gz glinet_glinet https://dl.gl-inet.com/releases/packages-3.x/ar71xx/glinet

Please use fw.gl-inet.com instead.

src/gz glinet_core https://fw.gl-inet.com/releases/kmod-3.0/ar71xx/generic
src/gz glinet_base https://fw.gl-inet.com/releases/packages-3.x/ar71xx/base
src/gz glinet_gli_pub https://fw.gl-inet.com/releases/packages-3.x/ar71xx/gli_pub
src/gz glinet_packages https://fw.gl-inet.com/releases/packages-3.x/ar71xx/packages
src/gz glinet_luci https://fw.gl-inet.com/releases/packages-3.x/ar71xx/luci
src/gz glinet_routing https://fw.gl-inet.com/releases/packages-3.x/ar71xx/routing
src/gz glinet_telephony https://fw.gl-inet.com/releases/packages-3.x/ar71xx/telephony
src/gz glinet_glinet https://fw.gl-inet.com/releases/packages-3.x/ar71xx/glinet
1 Like

@kyson-lok Thank you. This is working great. I appreciate the turnaround. I’d recommend you set this as the default on all new routers… Probably not best from a security perspective to have binaries transmitted via http especially since many of the routers are used to hook up to hotel and other unsecured networks where the man-in-the middle is more likely.

You’re right, we are planning to add it in firmware by default.