Comment 13 for bug 833994

I've committed the start of this upstream, now that I've fixed things to permit the use of GNU wget. My strategy here is going to be:

 * make fetch-url (for preseeding) and kickseed both work with HTTPS
 * overload debian-installer/allow_unauthenticated=false to imply wget --no-check-certificate (I think this is close enough; I couldn't think of a reason why you would care deeply about the HTTPS certificate and then not care about installing unauthenticated packages)
 * add wget-udeb to our default d-i builds (at least netboot, but probably globally)
 * add support to the d-i build system for local builds with SSLCERTS set to a list of paths to certificates
 * if you want to use the stock initramfs, you can make another initramfs containing just /usr/lib/ssl/certs/*.crt for whatever certificates you need, run c_rehash over that directory, and concatenate that to the stock initramfs either with cat or in your boot loader

Once this is done, I'll be able to proceed with the next step, bug 1135163.