Checking the server certificate

David Woodhouse dwmw2 at infradead.org
Wed Feb 3 02:32:14 EST 2010


On Mon, 2010-02-01 at 11:32 +0100, Johannes Becker wrote:
> Hi,
> 
> does openconnect check the server certificate?

Yes, but only if you use the --cafile option, and it doesn't check the
server name against the subject of the certificate. I'll look at fixing
the latter.

> I supplied the server cert using --servercert,
> but I always get the message 
> 
> Server SSL certificate didn't match: 8315d5412c1a2adb6995fc575a30d949cd5ade43
> 
> This message is wrong, as far as I can see.

Ah yes, it wasn't a case-insensitive comparison and it expected
capitals. Fixed in git.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation
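The fingerprint mismatch described in the reply above, as an added example that is not openconnect's code: a case-sensitive string compare beside a compare on decoded bytes. The function names and the 20-byte digest length (taken from the 40 hex digits in the quoted message) are assumptions, and the digest bytes are constructed to equal that quoted value.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FP_LEN 20 /* assumption: 20-byte digest, i.e. 40 hex digits */

/* Before: render the digest as uppercase hex and strcmp(); lowercase input fails. */
static int match_case_sensitive(const char *pinned, const unsigned char *digest)
{
    char hex[FP_LEN * 2 + 1];
    for (int i = 0; i < FP_LEN; i++)
        sprintf(&hex[i * 2], "%02X", (unsigned)digest[i]);
    return strcmp(pinned, hex) == 0;
}

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* After: decode the pinned string and compare bytes; malformed input never matches. */
static int match_decoded(const char *pinned, const unsigned char *digest)
{
    unsigned char diff = 0;
    if (strlen(pinned) != FP_LEN * 2)
        return 0;
    for (int i = 0; i < FP_LEN; i++) {
        int hi = hexval((unsigned char)pinned[i * 2]);
        int lo = hexval((unsigned char)pinned[i * 2 + 1]);
        if (hi < 0 || lo < 0)
            return 0;
        diff |= (unsigned char)(((hi << 4) | lo) ^ digest[i]);
    }
    return diff == 0;
}

/* Constructed digest bytes equal to the fingerprint quoted in the message. */
static const unsigned char sample_digest[FP_LEN] = {
    0x83, 0x15, 0xd5, 0x41, 0x2c, 0x1a, 0x2a, 0xdb, 0x69, 0x95,
    0xfc, 0x57, 0x5a, 0x30, 0xd9, 0x49, 0xcd, 0x5a, 0xde, 0x43
};

int main(void)
{
    const char *lower = "8315d5412c1a2adb6995fc575a30d949cd5ade43";
    printf("strcmp: %d, decoded: %d\n", match_case_sensitive(lower, sample_digest),
           match_decoded(lower, sample_digest));
    return 0;
}
```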



