Server certificate hash checking
David Woodhouse
dwmw2 at infradead.org
Wed Dec 31 08:27:31 PST 2014
> Wouldn't it help to get the new key fingerprint using a command of
> openconnect?
Well, openconnect will already show it when you try to connect, but it
might be useful to have a way to generate it for an arbitrary certificate
from a PEM file.
But in some cases the user already *has* the sha1 of the full cert, rather
than the full cert itself, and that's perfectly sufficient for them to
safely say "yes".
FWIW I had thought about other "utility" functions we should add too --
listing the available tap devices under Windows, and listing available
PKCS#11 certs/keys rather than requiring p11tool for that. OpenVPN does
both of those.
Happy (imminent) new year, BTW.
--
dwmw2
More information about the openconnect-devel
mailing list