OpenWRT: Bouncing Back from a Failed SSL Library Crossgrade

In the event of a failed crossgrade between SSL libraries (e.g. OpenSSL to Mbed TLS) on an OpenWRT installation, it's likely that poor opkg will be left in a Catch 22 situation: How can it install an SSL library when it needs an SSL library to install one? Well…

---

Instructions:

This will temporarily weaken your OpenWRT device's security.

1. Connect to the OpenWRT device in question over SSH from another device which is on the same local area network.
2. Open the file /etc/opkg.conf in a text editor and change option check_signature 1 to option check_signature 0.
3. Open the file /etc/opkg/distfeeds.conf in a text editor and change the scheme of each URL from https to http
4. If it was the installation or upgrade of a specific package that caused the failed crossgrade e.g. luci-ssl, resume that process by running the relevant command e.g. opkg install luci-ssl or opkg upgrade luci-ssl. Otherwise, ensure that the packages ca-bundle, ca-certificates, and either libustream-mbedtls* or libustream-openssl* are installed.
5. Undo the changes you made in steps two and three.
6. DO NOT FORGET TO DO THE PREVIOUS STEP.
7. Run opkg update.

Magic Spearmint