On 12 June 2017 at 03:28, Stuart Henderson <s...@spacehopper.org> wrote: > On 2017-06-12, jungle boogie <jungleboog...@gmail.com> wrote: >> Hi All, >> >> I'm attempting to fetch the latest bsd.rd snapshot, but it's failing >> because of the ocsp response. >> >> $ ftp https://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/bsd.rd >> Trying 129.128.5.191... >> Requesting https://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/bsd.rd >> ftp: SSL write error: ocsp verify failed: ocsp response not current >> >> Currently on >> OpenBSD 6.1-current (GENERIC.MP) #116: Sat Jun 10 22:34:37 MDT 2017 >> >> Any clues as to what's happening with the ocsp response? >> >> Thanks, >> j.b. >> >> > > It's a server-side problem, same on www.openbsd.org. Not visible in > normal graphical browsers because they fallback to the CA's OCSP server > whereas ftp(1) just relies on the stapled cert. >
Ah, that explains why I didn't see it within firefox. > Simplest workaround is to use a mirror, but it does mean that the > installer won't be showing the list of mirrors at the moment (or > feeding into initial RNG entropy) even if your clock is correct, > so you'll also need to type the mirror's hostname by hand in the > installer. > FreeBSD's fetch wasn't affected for some reason or another so I was able to fetch bsd.rd and scp it to my OpenBSD machine. The auto upgrade either downgraded to http or didn't care about the OCSP. > -- ------- inum: 883510009027723 sip: jungleboo...@sip2sip.info