openwrt + openconnect

Nikos Mavrogiannopoulos nmav at
Wed Jun 4 23:18:15 PDT 2014

I'm trying to resubmit the scripts for openconnect in openwrt's luci
interface. Currently the most difficult part in the interface is
specifying the server certificate. There are no tools installed by default
in openwrt that can fetch the server's certificate, and there is no way
to calculate the SHA1 hash of the certificate as well. Thus it becomes a
pretty geeky interface that very few people will be able to use.

That said, I think it would be really good for openconnect to have a
trust-on-first-use mode (thus no certificate will need to be specified), or
at least a flag --print-hash or so that will allow running openconnect
to obtain the server's certificate hash (and thus the web interface will
be able to calculate the hash without other dependencies). What do you
think of these two options? (mostly a question to David but other
opinions are welcome)
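
The trust-on-first-use idea from the message above, sketched as an added example that is not part of the original post and is not openconnect or luci code: it computes the SHA1 hash of a certificate's DER bytes, pins it on first contact, and reports a later change instead of re-pinning. The function names, the JSON pin store, the upper-case hex format and the host `vpn.example.com` are assumptions made for the illustration.

```python
import base64, hashlib, json, os, tempfile

def pem_to_der(pem):
    """Drop the BEGIN/END armour lines and decode the base64 body to DER."""
    body = [ln.strip() for ln in pem.splitlines()
            if ln.strip() and not ln.startswith("-----")]
    return base64.b64decode("".join(body), validate=True)

def cert_sha1(der):
    """SHA1 over the whole DER certificate, as upper-case hex (assumed format)."""
    return hashlib.sha1(der).hexdigest().upper()

def tofu_check(store_path, server, der):
    """Return 'pinned' on first use, 'match' or 'mismatch' afterwards."""
    pins = {}
    if os.path.exists(store_path):
        with open(store_path) as fh:
            pins = json.load(fh)
    seen = cert_sha1(der)
    if server not in pins:
        pins[server] = seen
        tmp = store_path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(pins, fh)
        os.replace(tmp, store_path)  # atomic: never leaves a half-written store
        return "pinned"
    # A changed hash is reported, never silently re-pinned.
    return "match" if pins[server] == seen else "mismatch"

def make_pem(der):
    """Wrap bytes in PEM armour (used only to build the constructed sample)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

def demo():
    # Constructed stand-ins for certificate bytes, not real certificates.
    cert_a = pem_to_der(make_pem(b"constructed certificate A" * 4))
    cert_b = pem_to_der(make_pem(b"constructed certificate B" * 4))
    store = os.path.join(tempfile.mkdtemp(), "pins.json")
    return [tofu_check(store, "vpn.example.com", cert_a),   # first use
            tofu_check(store, "vpn.example.com", cert_a),   # same cert again
            tofu_check(store, "vpn.example.com", cert_b),   # cert changed
            tofu_check(store, "vpn.example.com", cert_a)]   # pin was kept

if __name__ == "__main__":
    print(demo())
```

The first connection is the only unauthenticated step in this scheme, so a configuration interface built on it would still want to display the pinned hash for out-of-band comparison.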


