Removing --no-cert-check
dennis knorr
dennis.knorr at gmx.net
Wed Sep 7 13:20:29 PDT 2016
Hi,
On 07.09.2016 21:43, David Woodhouse wrote:
> On Wed, 2016-09-07 at 21:27 +0200, Dennis Knorr wrote:
>> You're right for production. But for Testing and Development, i would
>> rather prefer that you keep it :) Perhaps just remove it from
>> documentation *cough*
>
> I can't think of a really valid use case. Here's what happens when I
> connect to a test server with an invalid cert:
well, with other products i used parameters like that to isolate errors
in programs. program fails -> perhaps on checking stuff X? -> disable
and look if the error is still happening :)
> $ ./openconnect [::1]:443
> POST https://[::1]/
> Connected to [::1]:443
> SSL negotiation with [::1]
> Server certificate verify failed: unable to get local issuer certificate
i cannot try this, because at least atm we connect against a cisco asa.
But it is on our todo, to setup a ocserv.
> And the NetworkManager GUI will basically do that automatically for you
> when you accept the invalid cert for the first time.
Like i said, i used such parameters for diagnostic measures :)
More information about the openconnect-devel
mailing list