On Wed, 16 Apr 2025 at 22:09, Bryce Chidester <br...@cobryce.com> wrote:
> Here's Linux/curl for example.
> $ curl --cert-status https://www.openbsd.org
> curl: (91) OCSP response has expired

Can reproduce on 7.5:

> curl --cert-status --verbose https://www.openbsd.org
* Host www.openbsd.org:443 was resolved.
* IPv6: 2620:3d:c000:178::80
* IPv4: 199.185.178.80
* Trying [2620:3d:c000:178::80]:443...
* Connected to www.openbsd.org (2620:3d:c000:178::80) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/cert.pem
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / [blank] / UNDEF
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: CN=www.openbsd.org
* start date: Apr 4 15:53:55 2025 GMT
* expire date: Jul 3 15:53:54 2025 GMT
* subjectAltName: host "www.openbsd.org" matched cert's "www.openbsd.org"
* issuer: C=US; O=Let's Encrypt; CN=R11
* SSL certificate verify ok.
* Certificate level 0: Public key type ? (4096/128 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type ? (4096/128 Bits/secBits), signed using sha256WithRSAEncryption
* OCSP response has expired
* closing connection #0
curl: (91) OCSP response has expired