<div dir="ltr"><div class="gmail_quote"><div dir="ltr">Hello,<div><br></div><div>We've noticed higher than normal issues chain loading domains using https. Rebuilding ipxe with <i>make DEBUG=tls,x509,validator bin/undionly.kpxe</i> gives the following error.</div><div><div><img src="cid:ii_k4yqbphm0" alt="image.png" width="542" height="311"><br></div></div><div><i><font face="monospace">VALIDATOR 0x30f04 "<a href="http://netboot.xyz" target="_blank">netboot.xyz</a>" checking "iPXE cross-signiing CA" via <a href="http://ocsp.ipxe.org/ocsp/root/MEI." target="_blank">http://ocsp.ipxe.org/ocsp/root/MEI.</a>..<br>VALIDATOR 0x30f04 "<a href="http://netboot.xyz" target="_blank">netboot.xyz</a>" transfer failed: No such file or directory (<a href="http://ipxe.org/2d0c613b" target="_blank">http://ipxe.org/2d0c613b</a>)</font></i></div><div><i><br></i></div><div>Here I am passing <i><a href="https://boot.netboot.xyz/ipxe/netboot.xyz.lkrn" target="_blank">https://boot.netboot.xyz/ipxe/netboot.xyz.lkrn</a></i> as the filename in iscdhcpd, however this has failed with any site I've tested using https with the same error.</div><div><br></div><div>My environment is VMWare Workstation with 2 vms. PXE host and client<br>PXE Host is running Centos 7 with iscdhcpd and tftpd</div><div><br></div><div>iPXE version is latest github master <a href="https://github.com/ipxe/ipxe/commit/18dc73d27edb55ebe9cb13c58d59af3da3bd374b" style="box-sizing:border-box;background-color:rgb(241,248,255);color:rgb(68,77,86);text-decoration-line:none;display:inline-block;font-family:SFMono-Regular,Consolas,"Liberation Mono",Menlo,monospace;font-size:11.7px;white-space:nowrap;margin-right:4px" target="_blank">18dc73d</a> and I have src/config/local/general.h with</div><div><font face="monospace">#define DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */<br>#define NSLOOKUP_CMD /* DNS resolving command */<br>#define NTP_CMD /* NTP commands */</font><br></div><div><br></div><div>Disabling OCSP_CHECK resolves this error, but we would prefer not to do that.</div><div><br></div><div>It seems to me like the ocsp service might be having issues, but wanted to see if similar reports have come in and if someone had any ideas of how I could go about solving this?</div><div><br></div><div>Appreciate the help!</div><div>- Mike</div></div>
</div></div>