Server certificate hash checking
David Woodhouse
dwmw2 at infradead.org
Wed Dec 31 08:19:35 PST 2014
> I think it will be confusing to use a different ID for the software to
> detect a changed certificate and another for a human.
No. The human is never involved in the check for a changed certificate.
The human is only ever asked if *this* certificate, right now, is the
current certificate they expect from the server.
They are different things, and one is fairly much transparent to the user
anyway.
To be honest though, there's a limit to how much I can bring myself to
care about this use case. By the time we're presenting a cert to the user
in *any* form for manual acceptance, 99% of the time the game is already
lost. The user is just going to click "yes" without doing any check at
all. If you want security you *need* to install the CA and make the cert
validate properly.
Manually accepting the cert is going to be unsafe but at least we can help
*later* connections by spotting when it changes.
--
dwmw2
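An added example, not part of the message above and not OpenConnect's own code, showing the two checks the reply separates: a machine comparison of the presented certificate's hash against a pin stored from an earlier acceptance (the human is never involved), and a one-time fingerprint display for manual acceptance when no pin exists yet. The server name, the pin format (base64 of SHA-256 over the DER bytes) and the certificate bytes are constructed placeholders; a real client would feed in the DER the TLS library hands back and persist the pins to a file.

```python
"""Trust-on-first-use pin store for a server certificate (added example)."""
import base64
import hashlib
from enum import Enum
from typing import Callable, Dict, Tuple


class PinResult(Enum):
    MATCH = "presented certificate matches the stored pin"
    ASK_HUMAN = "no stored pin: the human must check the fingerprint once"
    CHANGED = "certificate differs from the one pinned earlier"


def cert_hash(cert_der: bytes) -> str:
    """Identifier used by the software: base64 of SHA-256 over the DER encoding."""
    return base64.b64encode(hashlib.sha256(cert_der).digest()).decode("ascii")


def human_fingerprint(cert_der: bytes) -> str:
    """Same digest, formatted for a person: colon-separated upper-case hex pairs."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class PinStore:
    """One pin per server; in memory here, a file in a real client."""

    def __init__(self) -> None:
        self._pins: Dict[str, str] = {}

    def check(self, server: str, cert_der: bytes) -> PinResult:
        """Automated check: no prompt, just compare against the stored pin."""
        pinned = self._pins.get(server)
        if pinned is None:
            return PinResult.ASK_HUMAN
        if pinned == cert_hash(cert_der):
            return PinResult.MATCH
        return PinResult.CHANGED

    def accept(self, server: str, cert_der: bytes) -> str:
        """Record the pin after the human has accepted this certificate once."""
        pin = cert_hash(cert_der)
        self._pins[server] = pin
        return pin


def connect_decision(
    store: PinStore,
    server: str,
    cert_der: bytes,
    human_accepts: Callable[[str], bool],
) -> Tuple[PinResult, bool]:
    """Decide one connection attempt.

    Returns (result, proceed). The human callback receives the fingerprint and
    is only invoked when no pin exists; a CHANGED result is a hard failure and
    does not re-prompt, which is the point of pinning later connections.
    """
    result = store.check(server, cert_der)
    if result is PinResult.MATCH:
        return result, True
    if result is PinResult.ASK_HUMAN and human_accepts(human_fingerprint(cert_der)):
        store.accept(server, cert_der)
        return result, True
    return result, False


if __name__ == "__main__":
    # Constructed placeholder "certificates"; not real DER.
    cert_a = b"constructed-der-bytes-for-cert-A"
    cert_b = b"constructed-der-bytes-for-cert-B"
    store = PinStore()
    print(connect_decision(store, "vpn.example", cert_a, lambda fp: True))
    print(connect_decision(store, "vpn.example", cert_a, lambda fp: False))
    print(connect_decision(store, "vpn.example", cert_b, lambda fp: True))
```

On the first run the human sees the fingerprint and accepts; the second run matches silently without consulting the human at all; the third run presents a different certificate and is refused even though the callback would have said yes, because a changed certificate is detected by the software, not by the user.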