What's the point of installing over https if you don't care about validating 
the cert? 

On January 5, 2017 12:24:11 PM GMT+01:00, RD Thrush <open...@st.thrush.com> 
wrote:
>Rather than add load to the OpenBSD snapshot servers, for years I've
>downloaded a snapshot to a local Netgear NAS server.  With the recent
>https changes, I'm no longer able to install from that server.  I've
>appended a console log of a failed install attempt.
>
>Per src/distrib/miniroot/install.sub v1.940, I added the recommended
>question to the response file, i.e.
>Unable to connect using https. Use http instead = yes
>
>However, the "ftp: SSL write error: certificate verification failed:
>self signed certificate" message causes the install to abort.
>
>Here's the patch I used to account for the self signed certificate:
>Index: install.sub
>===================================================================
>RCS file: /cvs/src/distrib/miniroot/install.sub,v
>retrieving revision 1.942
>diff -u -p -u -p -r1.942 install.sub
>--- install.sub        4 Jan 2017 13:47:29 -0000       1.942
>+++ install.sub        5 Jan 2017 11:12:32 -0000
>@@ -1578,7 +1578,7 @@ install_http() {
> 
>               # Consider the https connect failed either if it was refused by
>               # the server, or it took longer than -w sec (exit code 2).
>-              if ( (($_rc == 1)) && [[ $_err == *'Connection refused'* ]] ) ||
>+              if ( (($_rc == 1)) && [[ $_err == *'Connection refused'* ]] || 
>[[
>$_err == *'self signed'* ]] ) ||
>                       (($_rc == 2)); then
>                       ask_yn "Unable to connect using https. Use http 
> instead?" ||
>                               return
>
>
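Review bot: On the changed "if" line, the new [[ $_err == *'self signed'* ]] test is not tied to (($_rc == 1)). In the shell, && and || have equal precedence and group left to right, so the parenthesised list reads as "(rc is 1 and Connection refused) or self signed", and a 'self signed' match in $_err takes the branch whatever the exit code was. If both strings are meant to be checked only when $_rc is 1, put the two [[ ]] tests in their own group after the &&. Separately, the comment above the condition still says the https connect is considered failed only when it was refused or timed out, and the prompt still reads "Unable to connect using https", but this case is a connection that succeeded and whose certificate failed verification. With "Unable to connect using https. Use http instead = yes" in the response file, that one answer would then also accept the fallback to http for any server presenting a self signed certificate. A separate branch with its own question text, so the two cases can be answered differently, plus an updated comment, would make the behaviour explicit.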
>######## serial console #########
>>> OpenBSD/amd64 BOOT 3.33
>Disk    BIOS#   Type    Cyls    Heads   Secs    Flags   Checksum
>hd0     0x80    label   1023    255     63      0x2     0xdce59776
>hd1     0x81    label   1023    255     63      0x2     0x2db005d6
>Region 0: type 1 at 0x0 for 639KB
>Region 1: type 2 at 0x9fc00 for 1KB
>Region 2: type 2 at 0xf0000 for 64KB
>Region 3: type 1 at 0x100000 for 2096000KB
>Region 4: type 2 at 0x7ffe0000 for 128KB
>Region 5: type 2 at 0xfeffc000 for 16KB
>Region 6: type 2 at 0xfffc0000 for 256KB
>Low ram: 639KB  High ram: 2096000KB
>Total free memory: 2096639KB
>boot> 
>booting hd0a:bsd.rd.new: 3396680+1430528+3876632+0+606208
>[72+431976+281240]=0x9914c8
>entry point at 0x1001000 [7205c766, 34000004, 24448b12, 3550a304]
>Copyright (c) 1982, 1986, 1989, 1991, 1993
>       The Regents of the University of California.  All rights reserved.
>Copyright (c) 1995-2017 OpenBSD. All rights reserved. 
>https://www.OpenBSD.org
>
>OpenBSD 6.0-current (RAMDISK_CD) #103: Wed Jan  4 21:48:20 MST 2017
>    bu...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
>real mem = 2130575360 (2031MB)
>avail mem = 2062315520 (1966MB)
>mainbus0 at root
>bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf0cd0 (9 entries)
>bios0: vendor SeaBIOS version
>"rel-1.7.5.1-0-g8936dbb-20141113_115728-nilsson.home.kraxel.org" date
>04/01/2014
>bios0: QEMU Standard PC (i440FX + PIIX, 1996)
>acpi0 at bios0: rev 0
>acpi0: tables DSDT FACP SSDT APIC HPET
>acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
>cpu0 at mainbus0: apid 0 (boot processor)
>cpu0: Common KVM processor, 3400.46 MHz
>cpu0:
>FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,x2APIC,HV,NXE,LONG,LAHF
>cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
>64b/line 16-way L2 cache
>cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
>cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
>cpu0: apic clock running at 1000MHz
>cpu at mainbus0: not configured
>ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins
>acpiprt0 at acpi0: bus 0 (PCI0)
>acpicpu at acpi0 not configured
>"ACPI0006" at acpi0 not configured
>"PNP0303" at acpi0 not configured
>"PNP0F13" at acpi0 not configured
>"PNP0700" at acpi0 not configured
>"PNP0501" at acpi0 not configured
>"PNP0A06" at acpi0 not configured
>"ACPI0007" at acpi0 not configured
>"ACPI0007" at acpi0 not configured
>pvbus0 at mainbus0: KVM
>pci0 at mainbus0 bus 0
>pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
>"Intel 82371SB ISA" rev 0x00 at pci0 dev 1 function 0 not configured
>pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
>channel 0 wired to compatibility, channel 1 wired to compatibility
>pciide0: channel 0 disabled (no drives)
>atapiscsi0 at pciide0 channel 1 drive 0
>scsibus0 at atapiscsi0: 2 targets
>cd0 at scsibus0 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 2.2.> ATAPI 5/cdrom
>removable
>cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
>uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int
>11
>"Intel 82371AB Power" rev 0x03 at pci0 dev 1 function 3 not configured
>vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
>vga1: aperture needed
>wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
>virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Memory" rev 0x00
>virtio0: no matching child driver; not configured
>virtio1 at pci0 dev 10 function 0 "Qumranet Virtio Storage" rev 0x00
>vioblk0 at virtio1
>scsibus1 at vioblk0: 2 targets
>sd0 at scsibus1 targ 0 lun 0: <VirtIO, Block Device, > SCSI3 0/direct
>fixed
>sd0: 32768MB, 512 bytes/sector, 67108864 sectors
>virtio1: msix shared
>virtio2 at pci0 dev 11 function 0 "Qumranet Virtio Storage" rev 0x00
>vioblk1 at virtio2
>scsibus2 at vioblk1: 2 targets
>sd1 at scsibus2 targ 0 lun 0: <VirtIO, Block Device, > SCSI3 0/direct
>fixed
>sd1: 51200MB, 512 bytes/sector, 104857600 sectors
>virtio2: msix shared
>virtio3 at pci0 dev 18 function 0 "Qumranet Virtio Network" rev 0x00
>vio0 at virtio3: address 8a:2e:d1:64:f7:6b
>virtio3: msix shared
>usb0 at uhci0: USB revision 1.0
>uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev
>1.00/1.00 addr 1
>isa0 at mainbus0
>com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
>com0: console
>pckbc0 at isa0 port 0x60/5 irq 1 irq 12
>pckbd0 at pckbc0 (kbd slot)
>wskbd0 at pckbd0: console keyboard, using wsdisplay1
>uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB
>Tablet" rev 2.00/0.00 addr 2
>uhidev0: iclass 3/0
>uhid at uhidev0 not configured
>softraid0 at root
>scsibus3 at softraid0: 256 targets
>root on rd0a swap on rd0b dump on rd0b
>erase ^?, werase ^W, kill ^U, intr ^C, status ^T
>
>Welcome to the OpenBSD/amd64 6.0 installation program.
>(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? a
>DHCPDISCOVER on vio0 - interval 1
>DHCPOFFER from 10.1.2.1 (00:08:a2:0a:73:bd)
>DHCPREQUEST on vio0 to 255.255.255.255
>DHCPACK from 10.1.2.1 (00:08:a2:0a:73:bd)
>bound to 10.1.2.7 -- renewal in 302400 seconds.
>Fetching
>http://tarpit/config/openbsd/amd64/8a:2e:d1:64:f7:6b-upgrade.conf?path=snapshots/amd64
>Fetching
>http://tarpit/config/openbsd/amd64/obsd64-upgrade.conf?path=snapshots/amd64
>Performing non-interactive upgrade...
>Terminal type? [vt220] vt220
>Available disks are: sd0 sd1.
>Which disk is the root disk? ('?' for details) [sd0] sd0
>Checking root filesystem (fsck -fp /dev/sd0a)...OK.
>Mounting root filesystem (mount -o ro /dev/sd0a /mnt)...OK.
>DHCPREQUEST on vio0 to 255.255.255.255
>DHCPACK from 10.1.2.1 (00:08:a2:0a:73:bd)
>bound to 10.1.2.7 -- renewal in 302400 seconds.
>Force checking of clean non-root filesystems? [no] no
>fsck -p 8f3e304cddb66a7a.g...OK.
>fsck -p 8f3e304cddb66a7a.f...OK.
>fsck -p 8f3e304cddb66a7a.l...OK.
>fsck -p c1a908809de1d866.o...OK.
>fsck -p 8f3e304cddb66a7a.e...OK.
>/dev/sd0a (8f3e304cddb66a7a.a) on /mnt type ffs (rw, local)
>/dev/sd0g (8f3e304cddb66a7a.g) on /mnt/home type ffs (rw, local, nodev,
>nosuid)
>/dev/sd0f (8f3e304cddb66a7a.f) on /mnt/usr type ffs (rw, local, nodev)
>/dev/sd0l (8f3e304cddb66a7a.l) on /mnt/usr/local type ffs (rw, local,
>nodev, wxallowed)
>/dev/sd1o (c1a908809de1d866.o) on /mnt/usr/obj type ffs (rw,
>asynchronous, local, nodev, nosuid)
>/dev/sd0e (8f3e304cddb66a7a.e) on /mnt/var type ffs (rw, local, nodev,
>nosuid)
>
>Let's upgrade the sets!
>Location of sets? (cd0 disk http or 'done') [http] http
>HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] none
>HTTP Server? (hostname, list#, 'done' or '?') [10.1.2.15] 10.1.2.15
>Server directory? [pub/OpenBSD/snapshots/amd64]
>pub/OpenBSD/snapshots/amd64
>ftp: SSL write error: certificate verification failed: self signed
>certificate
>Looked at https://10.1.2.15/pub/OpenBSD/snapshots/amd64 and found no
>OpenBSD/amd64 6.0 sets.  The set names looked for were:
>bsd               comp60.tgz        xshare60.tgz      site60-obsd64.tgz
>    bsd.rd            man60.tgz         xfont60.tgz
>    bsd.mp            game60.tgz        xserv60.tgz
>    base60.tgz        xbase60.tgz       site60.tgz
>failed; check /tmp/ai/ai.log
