On 2017-06-12, jungle boogie <[email protected]> wrote: > Hi All, > > I'm attempting to fetch the latest bsd.rd snapshot, but it's failing > because of the ocsp response. > > $ ftp https://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/bsd.rd > Trying 129.128.5.191... > Requesting https://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/bsd.rd > ftp: SSL write error: ocsp verify failed: ocsp response not current > > Currently on > OpenBSD 6.1-current (GENERIC.MP) #116: Sat Jun 10 22:34:37 MDT 2017 > > Any clues as to what's happening with the ocsp response? > > Thanks, > j.b. > >
It's a server-side problem, same on www.openbsd.org. Not visible in normal graphical browsers because they fallback to the CA's OCSP server whereas ftp(1) just relies on the stapled cert. Simplest workaround is to use a mirror, but it does mean that the installer won't be showing the list of mirrors at the moment (or feeding into initial RNG entropy) even if your clock is correct, so you'll also need to type the mirror's hostname by hand in the installer.
