Here&#39;s a patch to add SSL certificates to buildroot. It builds them from mozilla&#39;s svn, so the certs are not likely to have been tampered with. It&#39;s really pretty slick.<br><br><span style="font-family: courier new,monospace;">diff -Nwrup -x .svn buildroot-orig/package/ca-certificates/<a href="http://ca-certificates.mk">ca-certificates.mk</a> buildroot/package/ca-certificates/<a href="http://ca-certificates.mk">ca-certificates.mk</a></span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">--- buildroot-orig/package/ca-certificates/<a href="http://ca-certificates.mk">ca-certificates.mk</a>&nbsp;&nbsp;&nbsp; 1969-12-31 19:00:00.000000000 -0500</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+++ buildroot/package/ca-certificates/<a href="http://ca-certificates.mk">ca-certificates.mk</a>&nbsp;&nbsp;&nbsp; 2008-07-03 07:33:36.000000000 -0400</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">@@ -0,0 +1,25 @@</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+#############################################################</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+#</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+# ca-certificates</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+#</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+#############################################################</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+package/ca-certificates/ca-bundle.crt:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; package/ca-certificates/mkcabundle.pl &gt; $@</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+$(TARGET_DIR)/usr/lib/ssl/cert.pem: package/ca-certificates/ca-bundle.crt</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; mkdir -p $(TARGET_DIR)/usr/lib/ssl/certs/</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; mkdir -p $(TARGET_DIR)/usr/lib/ssl/CA/private</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; cp package/ca-certificates/ca-bundle.crt $(TARGET_DIR)/usr/lib/ssl/certs</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; ln -s certs/ca-bundle.crt $(TARGET_DIR)/usr/lib/ssl/cert.pem</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; </span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+ca-certificates: $(TARGET_DIR)/usr/lib/ssl/cert.pem</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+#############################################################</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+#</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+# Toplevel Makefile options</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+#</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+#############################################################</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+ifeq ($(strip $(BR2_PACKAGE_CA_CERTIFICATES)),y)</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+TARGETS+=ca-certificates</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+endif</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">\ No newline at end of file</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">diff -Nwrup -x .svn buildroot-orig/package/ca-certificates/Config.in buildroot/package/ca-certificates/Config.in</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">--- buildroot-orig/package/ca-certificates/Config.in&nbsp;&nbsp;&nbsp; 1969-12-31 19:00:00.000000000 -0500</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+++ buildroot/package/ca-certificates/Config.in&nbsp;&nbsp;&nbsp; 2008-07-03 07:33:36.000000000 -0400</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">@@ -0,0 +1,5 @@</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+config BR2_PACKAGE_CA_CERTIFICATES</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; bool &quot;ssl certificates&quot;</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; default n</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; help</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; &nbsp; SSL certificates for OpenSSL</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">diff -Nwrup -x .svn buildroot-orig/package/ca-certificates/mkcabundle.pl buildroot/package/ca-certificates/mkcabundle.pl</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">--- buildroot-orig/package/ca-certificates/mkcabundle.pl&nbsp;&nbsp;&nbsp; 1969-12-31 19:00:00.000000000 -0500</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+++ buildroot/package/ca-certificates/mkcabundle.pl&nbsp;&nbsp;&nbsp; 2008-07-03 07:33:36.000000000 -0400</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">@@ -0,0 +1,41 @@</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+#!/usr/bin/perl -w</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+#</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+# Run as ./mkcabundle.pl &gt; ca-bundle.crt</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+#</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+my $cvsroot = &#39;:pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot&#39;;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+my $certdata = &#39;mozilla/security/nss/lib/ckfw/builtins/certdata.txt&#39;;</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+open(IN, &quot;cvs -d $cvsroot co -p $certdata|&quot;)</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; || die &quot;could not check out certdata.txt&quot;;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+my $incert = 0;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+print&lt;&lt;EOH;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+# This is a bundle of X.509 certificates of public Certificate</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+# Authorities.&nbsp; It was generated from the Mozilla root CA list.</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+#</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+# Source: $certdata</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+#</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+EOH</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+while (&lt;IN&gt;) {</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; if (/^CKA_VALUE MULTILINE_OCTAL/) {</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $incert = 1;</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; open(OUT, &quot;|openssl x509 -text -inform DER -fingerprint&quot;)</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; || die &quot;could not pipe to openssl x509&quot;;</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; } elsif (/^END/ &amp;&amp; $incert) {</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; close(OUT);</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $incert = 0;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; print &quot;\n\n&quot;;</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; } elsif ($incert) {</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; my @bs = split(/\\/);</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; foreach my $b (@bs) {</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; chomp $b;</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; printf(OUT &quot;%c&quot;, oct($b)) unless $b eq &#39;&#39;;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; print &quot;# Generated from certdata.txt RCS revision $1\n#\n&quot;;</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+&nbsp;&nbsp;&nbsp; }</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+}</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">\ No newline at end of file</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">diff -Nwrup -x .svn buildroot-orig/package/Config.in buildroot/package/Config.in</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">--- buildroot-orig/package/Config.in&nbsp;&nbsp;&nbsp; 2008-07-08 11:19:53.000000000 -0400</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+++ buildroot/package/Config.in&nbsp;&nbsp;&nbsp; 2008-07-08 11:26:07.000000000 -0400</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">@@ -150,6 +150,7 @@ source &quot;package/axel/Config.in&quot;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">&nbsp;source &quot;package/boa/Config.in&quot;</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">&nbsp;source &quot;package/bind/Config.in&quot;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">&nbsp;source &quot;package/bridge-utils/Config.in&quot;</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+source &quot;package/ca-certificates/Config.in&quot;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">&nbsp;source &quot;package/curl/Config.in&quot;</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">&nbsp;if !BR2_PACKAGE_BUSYBOX_HIDE_OTHERS</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">&nbsp;source &quot;package/dhcp/Config.in&quot;</span><br style="font-family: courier new,monospace;"><br>