Server certificate hash checking

David Woodhouse dwmw2 at infradead.org
Wed Dec 31 08:19:35 PST 2014


> I think it will be confusing to use a different ID for the software to
> detect a changed certificate and another for a human.

No. The human is never involved in the check for a changed certificate.
The human is only ever asked if *this* certificate, right now, is the
current certificate they expect from the server.

They are different things, and one is fairly much transparent to the user
anyway.

To be honest though, there's a limit to how much I can bring myself to
care about this use case. By the time we're presenting a cert to the user
in *any* form for manual acceptance, 99% of the time the game is already
lost. The user is just going to click "yes" without doing any check at
all. If you want security you *need* to install the CA and make the cert
validate properly.

Manually accepting the cert is going to be unsafe but at least we can help
*later* connections by spotting when it changes.

-- 
dwmw2




More information about the openconnect-devel mailing list