RFC: PATCH remember certificate

David Woodhouse dwmw2 at infradead.org
Mon Mar 31 10:45:30 EDT 2014


On Sun, 2014-03-30 at 11:57 +0200, Nikos Mavrogiannopoulos wrote:
> Hello,
>  What do you think of having openconnect remember the public keys of the
> hosts that have been explicitly accepted? That would make its usage
> close to ssh, except that this will only take effect when PKI fails (not
> sure if that's necessarily good).
> 
> This is the patch: "Remember the public keys of hosts that have been
> explicitly accepted." in:
> 
> git://gitorious.org/openconnect-x/openconnect-x.git remember-pubkey
> 
> Currently it uses the gnutls default file to store the public keys, but
> it can be overridden from the command line or
> openconnect_set_pubkeyfile().

Hm, I think I'd rather encourage people to fetch the CA file and do
things properly.

FWIW the NetworkManager authentication dialog *will* remember servers'
public keys after you manually accept them. The library offers a cert
acceptance callback, which lets it remember the ones that the user
accepted.

-- 
dwmw2
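
The behaviour discussed in this thread (consult remembered public keys only when PKI validation fails, and remember a key only after the user explicitly accepts it), as an added Python example; it is not code from openconnect, NetworkManager or the patch. `PinStore`, `validate_peer`, the JSON file format and the fail-closed handling of a changed key are assumptions of this example.

```python
import hashlib
import json
import os
import tempfile


class PinStore:
    """Hypothetical store: "host:port" -> SHA-256 hex of the server's public key."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def save(self):
        # Write to a temp file (created 0600 by mkstemp) and rename, so a
        # crash cannot leave a truncated pin file behind.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)


def validate_peer(store, host, port, pubkey_der, pki_ok, ask_user):
    """Return (accepted, reason). Pins are consulted only when PKI fails.

    ask_user(key, digest) stands in for a cert acceptance callback: it is
    called only for a host with no stored pin and returns True to accept.
    """
    if pki_ok:
        return True, "pki"
    key = f"{host}:{port}"
    digest = hashlib.sha256(pubkey_der).hexdigest()
    pinned = store.pins.get(key)
    if pinned is not None:
        if pinned == digest:
            return True, "pinned"
        # A changed key for a remembered host is rejected without prompting;
        # replacing the pin has to be a deliberate out-of-band action.
        return False, "pin-mismatch"
    if ask_user(key, digest):
        store.pins[key] = digest
        store.save()
        return True, "accepted-by-user"
    return False, "rejected-by-user"
```

A rejected prompt stores nothing, so the user is asked again on the next connection; only an explicit acceptance creates a pin.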