What's the point of installing over https if you don't care about validating the cert?
On January 5, 2017 12:24:11 PM GMT+01:00, RD Thrush <open...@st.thrush.com> wrote:
>Rather than add load to the OpenBSD snapshot servers, for years I
>download a snapshot to a local netgear nas server. With the recent
>https changes, I'm no longer able to install from that server. I've
>appended a console log of a failed install attempt.
>
>Per src/distrib/miniroot/install.sub v1.940, I added the recommended
>question to the response file, ie.
>Unable to connect using https. Use http instead = yes
>
>However, the "ftp: SSL write error: certificate verification failed:
>self signed certificate" message causes the install to abort.
>
>Here's the patch I used to account for the self signed certificate:
>Index: install.sub >=================================================================== >RCS file: /cvs/src/distrib/miniroot/install.sub,v >retrieving revision 1.942 >diff -u -p -u -p -r1.942 install.sub >--- install.sub 4 Jan 2017 13:47:29 -0000 1.942 >+++ install.sub 5 Jan 2017 11:12:32 -0000 
>@@ -1578,7 +1578,7 @@ install_http() { > > # Consider the https connect failed either if it was refused by > # the server, or it took longer than -w sec (exit code 2). >- if ( (($_rc == 1)) && [[ $_err == *'Connection refused'* ]] ) || >+ if ( (($_rc == 1)) && [[ $_err == *'Connection refused'* ]] || >[[ >$_err == *'self signed'* ]] ) || > (($_rc == 2)); then > ask_yn "Unable to connect using https. Use http > instead?" || > return > > >######## serial console ######### >>> OpenBSD/amd64 BOOT 3.33 >Disk BIOS# Type Cyls Heads Secs Flags Checksum >hd0 0x80 label 1023 255 63 0x2 0xdce59776 >hd1 0x81 label 1023 255 63 0x2 0x2db005d6 >Region 0: type 1 at 0x0 for 639KB >Region 1: type 2 at 0x9fc00 for 1KB >Region 2: type 2 at 0xf0000 for 64KB >Region 3: type 1 at 0x100000 for 2096000KB >Region 4: type 2 at 0x7ffe0000 for 128KB >Region 5: type 2 at 0xfeffc000 for 16KB >Region 6: type 2 at 0xfffc0000 for 256KB >Low ram: 639KB High ram: 2096000KB >Total free memory: 2096639KB >boot> >booting hd0a:bsd.rd.new: 3396680+1430528+3876632+0+606208 >[72+431976+281240]=0x9914c8 >entry point at 0x1001000 [7205c766, 34000004, 24448b12, 3550a304] >Copyright (c) 1982, 1986, 1989, 1991, 1993 > The Regents of the University of California. All rights reserved. >Copyright (c) 1995-2017 OpenBSD. All rights reserved. >https://www.OpenBSD.org > >OpenBSD 6.0-current (RAMDISK_CD) #103: Wed Jan 4 21:48:20 MST 2017 > bu...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD >real mem = 2130575360 (2031MB) >avail mem = 2062315520 (1966MB) >mainbus0 at root >bios0 at mainbus0: SMBIOS rev. 
2.8 @ 0xf0cd0 (9 entries)
>bios0: vendor SeaBIOS version
>"rel-1.7.5.1-0-g8936dbb-20141113_115728-nilsson.home.kraxel.org" date
>04/01/2014
>bios0: QEMU Standard PC (i440FX + PIIX, 1996)
>acpi0 at bios0: rev 0
>acpi0: tables DSDT FACP SSDT APIC HPET
>acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
>cpu0 at mainbus0: apid 0 (boot processor)
>cpu0: Common KVM processor, 3400.46 MHz
>cpu0:
>FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,x2APIC,HV,NXE,LONG,LAHF
>cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
>64b/line 16-way L2 cache
>cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
>cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
>cpu0: apic clock running at 1000MHz
>cpu at mainbus0: not configured
>ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins
>acpiprt0 at acpi0: bus 0 (PCI0)
>acpicpu at acpi0 not configured
>"ACPI0006" at acpi0 not configured
>"PNP0303" at acpi0 not configured
>"PNP0F13" at acpi0 not configured
>"PNP0700" at acpi0 not configured
>"PNP0501" at acpi0 not configured
>"PNP0A06" at acpi0 not configured
>"ACPI0007" at acpi0 not configured
>"ACPI0007" at acpi0 not configured
>pvbus0 at mainbus0: KVM
>pci0 at mainbus0 bus 0
>pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
>"Intel 82371SB ISA" rev 0x00 at pci0 dev 1 function 0 not configured
>pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
>channel 0 wired to compatibility, channel 1 wired to compatibility
>pciide0: channel 0 disabled (no drives)
>atapiscsi0 at pciide0 channel 1 drive 0
>scsibus0 at atapiscsi0: 2 targets
>cd0 at scsibus0 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 2.2.> ATAPI 5/cdrom
>removable
>cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
>uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int
>11
>"Intel 82371AB Power" rev 0x03 at pci0 dev 1 function 3 not configured
>vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
>vga1: aperture needed
>wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
>virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Memory" rev 0x00
>virtio0: no matching child driver; not configured
>virtio1 at pci0 dev 10 function 0 "Qumranet Virtio Storage" rev 0x00
>vioblk0 at virtio1
>scsibus1 at vioblk0: 2 targets
>sd0 at scsibus1 targ 0 lun 0: <VirtIO, Block Device, > SCSI3 0/direct
>fixed
>sd0: 32768MB, 512 bytes/sector, 67108864 sectors
>virtio1: msix shared
>virtio2 at pci0 dev 11 function 0 "Qumranet Virtio Storage" rev 0x00
>vioblk1 at virtio2
>scsibus2 at vioblk1: 2 targets
>sd1 at scsibus2 targ 0 lun 0: <VirtIO, Block Device, > SCSI3 0/direct
>fixed
>sd1: 51200MB, 512 bytes/sector, 104857600 sectors
>virtio2: msix shared
>virtio3 at pci0 dev 18 function 0 "Qumranet Virtio Network" rev 0x00
>vio0 at virtio3: address 8a:2e:d1:64:f7:6b
>virtio3: msix shared
>usb0 at uhci0: USB revision 1.0
>uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev
>1.00/1.00 addr 1
>isa0 at mainbus0
>com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
>com0: console
>pckbc0 at isa0 port 0x60/5 irq 1 irq 12
>pckbd0 at pckbc0 (kbd slot)
>wskbd0 at pckbd0: console keyboard, using wsdisplay1
>uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB
>Tablet" rev 2.00/0.00 addr 2
>uhidev0: iclass 3/0
>uhid at uhidev0 not configured
>softraid0 at root
>scsibus3 at softraid0: 256 targets
>root on rd0a swap on rd0b dump on rd0b
>erase ^?, werase ^W, kill ^U, intr ^C, status ^T
>
>Welcome to the OpenBSD/amd64 6.0 installation program.
>(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? a
>DHCPDISCOVER on vio0 - interval 1
>DHCPOFFER from 10.1.2.1 (00:08:a2:0a:73:bd)
>DHCPREQUEST on vio0 to 255.255.255.255
>DHCPACK from 10.1.2.1 (00:08:a2:0a:73:bd)
>bound to 10.1.2.7 -- renewal in 302400 seconds.
>Fetching
>http://tarpit/config/openbsd/amd64/8a:2e:d1:64:f7:6b-upgrade.conf?path=snapshots/amd64
>Fetching
>http://tarpit/config/openbsd/amd64/obsd64-upgrade.conf?path=snapshots/amd64
>Performing non-interactive upgrade...
>Terminal type? [vt220] vt220
>Available disks are: sd0 sd1.
>Which disk is the root disk? ('?' for details) [sd0] sd0
>Checking root filesystem (fsck -fp /dev/sd0a)...OK.
>Mounting root filesystem (mount -o ro /dev/sd0a /mnt)...OK.
>DHCPREQUEST on vio0 to 255.255.255.255
>DHCPACK from 10.1.2.1 (00:08:a2:0a:73:bd)
>bound to 10.1.2.7 -- renewal in 302400 seconds.
>Force checking of clean non-root filesystems? [no] no
>fsck -p 8f3e304cddb66a7a.g...OK.
>fsck -p 8f3e304cddb66a7a.f...OK.
>fsck -p 8f3e304cddb66a7a.l...OK.
>fsck -p c1a908809de1d866.o...OK.
>fsck -p 8f3e304cddb66a7a.e...OK.
>/dev/sd0a (8f3e304cddb66a7a.a) on /mnt type ffs (rw, local)
>/dev/sd0g (8f3e304cddb66a7a.g) on /mnt/home type ffs (rw, local, nodev,
>nosuid)
>/dev/sd0f (8f3e304cddb66a7a.f) on /mnt/usr type ffs (rw, local, nodev)
>/dev/sd0l (8f3e304cddb66a7a.l) on /mnt/usr/local type ffs (rw, local,
>nodev, wxallowed)
>/dev/sd1o (c1a908809de1d866.o) on /mnt/usr/obj type ffs (rw,
>asynchronous, local, nodev, nosuid)
>/dev/sd0e (8f3e304cddb66a7a.e) on /mnt/var type ffs (rw, local, nodev,
>nosuid)
>
>Let's upgrade the sets!
>Location of sets? (cd0 disk http or 'done') [http] http
>HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] none
>HTTP Server? (hostname, list#, 'done' or '?') [10.1.2.15] 10.1.2.15
>Server directory? [pub/OpenBSD/snapshots/amd64]
>pub/OpenBSD/snapshots/amd64
>ftp: SSL write error: certificate verification failed: self signed
>certificate
>Looked at https://10.1.2.15/pub/OpenBSD/snapshots/amd64 and found no
>OpenBSD/amd64 6.0 sets. The set names looked for were:
>bsd comp60.tgz xshare60.tgz site60-obsd64.tgz
> bsd.rd man60.tgz xfont60.tgz
> bsd.mp game60.tgz xserv60.tgz
> base60.tgz xbase60.tgz site60.tgz
>failed; check /tmp/ai/ai.log
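
Review bot: In the `install_http()` condition, the added `[[ $_err == *'self signed'* ]]` test sends a certificate verification failure down the same path as 'Connection refused', so the response-file answer `Unable to connect using https. Use http instead = yes` turns a failed verification into an unattended fallback to plain http. A refused connection means no https service answered; a self-signed certificate means one answered and could not be authenticated, and the two should not share a prompt. Suggest leaving this condition as it was and handling the verification failure on its own (a separate question, or making the local server's certificate verifiable to the installer). Two smaller points: `&&` and `||` are evaluated left to right in the shell, so the new test is not gated by `(($_rc == 1))` and matches on any exit code, and the comment above the condition ("refused by the server, or it took longer than -w sec") no longer describes what it checks.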