Allowed HTTPS to be a separately configurable feature.

src/config.h

 #define	DOWNLOAD_PROTO_TFTP	/* Trivial File Transfer Protocol */
 #undef	DOWNLOAD_PROTO_NFS	/* Network File System */
 #define	DOWNLOAD_PROTO_HTTP	/* Hypertext Transfer Protocol */
+#undef	DOWNLOAD_PROTO_HTTPS	/* Secure Hypertext Transfer Protocol */
 #undef	DOWNLOAD_PROTO_FTP	/* File Transfer Protocol */
 #undef	DOWNLOAD_PROTO_TFTM	/* Multicast Trivial File Transfer Protocol */
 #undef	DOWNLOAD_PROTO_SLAM	/* Scalable Local Area Multicast */

src/core/config.c

 #ifdef DOWNLOAD_PROTO_HTTP
 REQUIRE_OBJECT ( http );
 #endif
+#ifdef DOWNLOAD_PROTO_HTTPS
+REQUIRE_OBJECT ( https );
+#endif
 #ifdef DOWNLOAD_PROTO_FTP
 REQUIRE_OBJECT ( ftp );
 #endif

src/include/gpxe/http.h

 /** HTTPS default port */
 #define HTTPS_PORT 443
 
+extern int http_open_filter ( struct xfer_interface *xfer, struct uri *uri,
+			      unsigned int default_port,
+			      int ( * filter ) ( struct xfer_interface *,
+						 struct xfer_interface ** ) );
+
 #endif /* _GPXE_HTTP_H */

src/net/tcp/http.c

 #include <gpxe/tcpip.h>
 #include <gpxe/process.h>
 #include <gpxe/linebuf.h>
-#include <gpxe/tls.h>
 #include <gpxe/http.h>
 
 /** HTTP receive state */
 };
 
 /**
- * Initiate an HTTP connection
+ * Initiate an HTTP connection, with optional filter
  *
  * @v xfer		Data transfer interface
  * @v uri		Uniform Resource Identifier
+ * @v default_port	Default port number
+ * @v filter		Filter to apply to socket, or NULL
  * @ret rc		Return status code
  */
-static int http_open ( struct xfer_interface *xfer, struct uri *uri ) {
+int http_open_filter ( struct xfer_interface *xfer, struct uri *uri,
+		       unsigned int default_port,
+		       int ( * filter ) ( struct xfer_interface *xfer,
+					  struct xfer_interface **next ) ) {
 	struct http_request *http;
 	struct sockaddr_tcpip server;
 	struct xfer_interface *socket;
 
 	/* Open socket */
 	memset ( &server, 0, sizeof ( server ) );
-	server.st_port = htons ( uri_port ( http->uri, HTTP_PORT ) );
+	server.st_port = htons ( uri_port ( http->uri, default_port ) );
 	socket = &http->socket;
-	if ( strcmp ( http->uri->scheme, "https" ) == 0 ) {
-		server.st_port = htons ( uri_port ( http->uri, HTTPS_PORT ) );
-		if ( ( rc = add_tls ( socket, &socket ) ) != 0 )
+	if ( filter ) {
+		if ( ( rc = filter ( socket, &socket ) ) != 0 )
 			goto err;
 	}
 	if ( ( rc = xfer_open_named_socket ( socket, SOCK_STREAM,
 	return rc;
 }
 
+/**
+ * Initiate an HTTP connection
+ *
+ * @v xfer		Data transfer interface
+ * @v uri		Uniform Resource Identifier
+ * @ret rc		Return status code
+ */
+static int http_open ( struct xfer_interface *xfer, struct uri *uri ) {
+	return http_open_filter ( xfer, uri, HTTP_PORT, NULL );
+}
+
 /** HTTP URI opener */
 struct uri_opener http_uri_opener __uri_opener = {
 	.scheme	= "http",
 	.open	= http_open,
 };
-
-/** HTTPS URI opener */
-struct uri_opener https_uri_opener __uri_opener = {
-	.scheme	= "https",
-	.open	= http_open,
-};

src/net/tcp/https.c

+/*
+ * Copyright (C) 2007 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/**
+ * @file
+ *
+ * Secure Hyper Text Transfer Protocol (HTTPS)
+ *
+ */
+
+#include <stddef.h>
+#include <gpxe/open.h>
+#include <gpxe/tls.h>
+#include <gpxe/http.h>
+
+/**
+ * Initiate an HTTPS connection
+ *
+ * @v xfer		Data transfer interface
+ * @v uri		Uniform Resource Identifier
+ * @ret rc		Return status code
+ */
+static int https_open ( struct xfer_interface *xfer, struct uri *uri ) {
+	return http_open_filter ( xfer, uri, HTTPS_PORT, add_tls );
+}
+
+/** HTTPS URI opener */
+struct uri_opener https_uri_opener __uri_opener = {
+	.scheme	= "https",
+	.open	= https_open,
+};