Rather than add load to the OpenBSD snapshot servers, for years I download a 
snapshot to a local netgear nas server.  With the recent https changes, I'm no 
longer able to install from that server.  I've appended a console log of a 
failed install attempt.

Per src/distrib/miniroot/install.sub v1.940, I added the recommended question 
to the response file, ie.
Unable to connect using https. Use http instead = yes

However, the "ftp: SSL write error: certificate verification failed: self 
signed certificate" message causes the install to abort.

Here's the patch I used to account for the self signed certificate:
Index: install.sub
===================================================================
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.942
diff -u -p -u -p -r1.942 install.sub
--- install.sub 4 Jan 2017 13:47:29 -0000       1.942
+++ install.sub 5 Jan 2017 11:12:32 -0000
@@ -1578,7 +1578,7 @@ install_http() {
 
                # Consider the https connect failed either if it was refused by
                # the server, or it took longer than -w sec (exit code 2).
-               if ( (($_rc == 1)) && [[ $_err == *'Connection refused'* ]] ) ||
+               if ( (($_rc == 1)) && [[ $_err == *'Connection refused'* ]] || 
[[ $_err == *'self signed'* ]] ) ||
                        (($_rc == 2)); then
                        ask_yn "Unable to connect using https. Use http 
instead?" ||
                                return


######## serial console #########
>> OpenBSD/amd64 BOOT 3.33
Disk    BIOS#   Type    Cyls    Heads   Secs    Flags   Checksum
hd0     0x80    label   1023    255     63      0x2     0xdce59776
hd1     0x81    label   1023    255     63      0x2     0x2db005d6
Region 0: type 1 at 0x0 for 639KB
Region 1: type 2 at 0x9fc00 for 1KB
Region 2: type 2 at 0xf0000 for 64KB
Region 3: type 1 at 0x100000 for 2096000KB
Region 4: type 2 at 0x7ffe0000 for 128KB
Region 5: type 2 at 0xfeffc000 for 16KB
Region 6: type 2 at 0xfffc0000 for 256KB
Low ram: 639KB  High ram: 2096000KB
Total free memory: 2096639KB
boot> 
booting hd0a:bsd.rd.new: 3396680+1430528+3876632+0+606208 
[72+431976+281240]=0x9914c8
entry point at 0x1001000 [7205c766, 34000004, 24448b12, 3550a304]
Copyright (c) 1982, 1986, 1989, 1991, 1993
        The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2017 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.0-current (RAMDISK_CD) #103: Wed Jan  4 21:48:20 MST 2017
    bu...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 2130575360 (2031MB)
avail mem = 2062315520 (1966MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf0cd0 (9 entries)
bios0: vendor SeaBIOS version 
"rel-1.7.5.1-0-g8936dbb-20141113_115728-nilsson.home.kraxel.org" date 04/01/2014
bios0: QEMU Standard PC (i440FX + PIIX, 1996)
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP SSDT APIC HPET
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Common KVM processor, 3400.46 MHz
cpu0: 
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,x2APIC,HV,NXE,LONG,LAHF
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: apic clock running at 1000MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu at acpi0 not configured
"ACPI0006" at acpi0 not configured
"PNP0303" at acpi0 not configured
"PNP0F13" at acpi0 not configured
"PNP0700" at acpi0 not configured
"PNP0501" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
pvbus0 at mainbus0: KVM
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
"Intel 82371SB ISA" rev 0x00 at pci0 dev 1 function 0 not configured
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 2.2.> ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11
"Intel 82371AB Power" rev 0x03 at pci0 dev 1 function 3 not configured
vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
vga1: aperture needed
wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Memory" rev 0x00
virtio0: no matching child driver; not configured
virtio1 at pci0 dev 10 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk0 at virtio1
scsibus1 at vioblk0: 2 targets
sd0 at scsibus1 targ 0 lun 0: <VirtIO, Block Device, > SCSI3 0/direct fixed
sd0: 32768MB, 512 bytes/sector, 67108864 sectors
virtio1: msix shared
virtio2 at pci0 dev 11 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk1 at virtio2
scsibus2 at vioblk1: 2 targets
sd1 at scsibus2 targ 0 lun 0: <VirtIO, Block Device, > SCSI3 0/direct fixed
sd1: 51200MB, 512 bytes/sector, 104857600 sectors
virtio2: msix shared
virtio3 at pci0 dev 18 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio3: address 8a:2e:d1:64:f7:6b
virtio3: msix shared
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 
addr 1
isa0 at mainbus0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay1
uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB Tablet" rev 
2.00/0.00 addr 2
uhidev0: iclass 3/0
uhid at uhidev0 not configured
softraid0 at root
scsibus3 at softraid0: 256 targets
root on rd0a swap on rd0b dump on rd0b
erase ^?, werase ^W, kill ^U, intr ^C, status ^T

Welcome to the OpenBSD/amd64 6.0 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? a
DHCPDISCOVER on vio0 - interval 1
DHCPOFFER from 10.1.2.1 (00:08:a2:0a:73:bd)
DHCPREQUEST on vio0 to 255.255.255.255
DHCPACK from 10.1.2.1 (00:08:a2:0a:73:bd)
bound to 10.1.2.7 -- renewal in 302400 seconds.
Fetching 
http://tarpit/config/openbsd/amd64/8a:2e:d1:64:f7:6b-upgrade.conf?path=snapshots/amd64
Fetching 
http://tarpit/config/openbsd/amd64/obsd64-upgrade.conf?path=snapshots/amd64
Performing non-interactive upgrade...
Terminal type? [vt220] vt220
Available disks are: sd0 sd1.
Which disk is the root disk? ('?' for details) [sd0] sd0
Checking root filesystem (fsck -fp /dev/sd0a)...OK.
Mounting root filesystem (mount -o ro /dev/sd0a /mnt)...OK.
DHCPREQUEST on vio0 to 255.255.255.255
DHCPACK from 10.1.2.1 (00:08:a2:0a:73:bd)
bound to 10.1.2.7 -- renewal in 302400 seconds.
Force checking of clean non-root filesystems? [no] no
fsck -p 8f3e304cddb66a7a.g...OK.
fsck -p 8f3e304cddb66a7a.f...OK.
fsck -p 8f3e304cddb66a7a.l...OK.
fsck -p c1a908809de1d866.o...OK.
fsck -p 8f3e304cddb66a7a.e...OK.
/dev/sd0a (8f3e304cddb66a7a.a) on /mnt type ffs (rw, local)
/dev/sd0g (8f3e304cddb66a7a.g) on /mnt/home type ffs (rw, local, nodev, nosuid)
/dev/sd0f (8f3e304cddb66a7a.f) on /mnt/usr type ffs (rw, local, nodev)
/dev/sd0l (8f3e304cddb66a7a.l) on /mnt/usr/local type ffs (rw, local, nodev, 
wxallowed)
/dev/sd1o (c1a908809de1d866.o) on /mnt/usr/obj type ffs (rw, asynchronous, 
local, nodev, nosuid)
/dev/sd0e (8f3e304cddb66a7a.e) on /mnt/var type ffs (rw, local, nodev, nosuid)

Let's upgrade the sets!
Location of sets? (cd0 disk http or 'done') [http] http
HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] none
HTTP Server? (hostname, list#, 'done' or '?') [10.1.2.15] 10.1.2.15
Server directory? [pub/OpenBSD/snapshots/amd64] pub/OpenBSD/snapshots/amd64
ftp: SSL write error: certificate verification failed: self signed certificate
Looked at https://10.1.2.15/pub/OpenBSD/snapshots/amd64 and found no 
OpenBSD/amd64 6.0 sets.  The set names looked for were:
    bsd               comp60.tgz        xshare60.tgz      site60-obsd64.tgz
    bsd.rd            man60.tgz         xfont60.tgz
    bsd.mp            game60.tgz        xserv60.tgz
    base60.tgz        xbase60.tgz       site60.tgz
failed; check /tmp/ai/ai.log

Reply via email to