Checking the server certificate

David Woodhouse dwmw2 at infradead.org
Tue May 11 08:08:42 EDT 2010


On Wed, 2010-02-03 at 07:32 +0000, David Woodhouse wrote:
> On Mon, 2010-02-01 at 11:32 +0100, Johannes Becker wrote:
> > Hi,
> > 
> > does openconnect check the server certificate?
> 
> Yes, but only if you use the --cafile option, and it doesn't check the
> server name against the subject of the certificate. I'll look at
> fixing the latter. 

I've fixed both of those in the git tree now, although the latter still
has most of the caveats from my original version posted in February.

I haven't yet done a '--nocertcheck' option, but I'll probably do that
shortly.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation




More information about the openconnect-devel mailing list