DEV Community

nabbisen
nabbisen

Posted on • Edited on • Originally published at obsd.solutions

OpenBSD pkg_add didn't work due to ocsp verify failed

What happened

Just after installing OpenBSD onto VirtualBox, I couldn't use syspatch and pkg_add due to the error:

$ doas pkg_add -u 
https://cdn.openbsd.org/pub/OpenBSD/7.0/packages-stable/amd64/: TLS handshake failure: ocsp verify failed: ocsp response not current
https://cdn.openbsd.org/pub/OpenBSD/7.0/packages/amd64/: TLS handshake failure: ocsp verify failed: ocsp response not current
https://cdn.openbsd.org/pub/OpenBSD/7.0/packages/amd64/: empty
Enter fullscreen mode Exit fullscreen mode

Nevertheless ping cdn.openbsd.org was successful.

Solution

I modified /etc/installurl:

$ doas vi /etc/installurl
Enter fullscreen mode Exit fullscreen mode

to switch to the FTP server:

- https://cdn.openbsd.org/pub/OpenBSD
+ https://ftp.openbsd.org/pub/OpenBSD
Enter fullscreen mode Exit fullscreen mode

Then it turned successful.

$ doas pkg_add -u
quirks-4.54 signed on 2022-02-12T18:54:43Z
quirks-4.54: ok
Enter fullscreen mode Exit fullscreen mode

Why happened (guess)

After a while (an hour), I reverted /etc/installurl:

- https://ftp.openbsd.org/pub/OpenBSD
+ https://cdn.openbsd.org/pub/OpenBSD
Enter fullscreen mode Exit fullscreen mode

It didn't bring any error:

$ doas pkg_add -u
quirks-4.54 signed on 2022-02-12T18:54:43Z
Enter fullscreen mode Exit fullscreen mode

To my surprise, It may have been fixed over time. Apart from it, the first success may have done.

I guess it was because ntp status. I perhaps had never met the failure when installing OpenBSD onto physical server.

For information, the ntp status was below after the failure had been fixed:

$ doas ntpctl -s status
5/5 peers valid, constraint offset -32564s, clock unsynced, clock offset is -32561707.819ms
Enter fullscreen mode Exit fullscreen mode

Top comments (0)