RFC: PATCH remember certificate
David Woodhouse
dwmw2 at infradead.org
Mon Mar 31 10:45:30 EDT 2014
On Sun, 2014-03-30 at 11:57 +0200, Nikos Mavrogiannopoulos wrote:
> Hello,
> What do you think of having openconnect remember the public keys of the
> hosts that have been explicitly accepted? That would make its usage
> close to ssh, except that this will only take effect when PKI fails (not
> sure if that's necessarily good).
>
> This is the patch: "Remember the public keys of hosts that have been
> explicitly accepted." in:
>
> git://gitorious.org/openconnect-x/openconnect-x.git remember-pubkey
>
> Currently it uses the gnutls default file to store the public keys, but
> it can be overridden from the command line or
> openconnect_set_pubkeyfile().

Hm, I think I'd rather encourage people to fetch the CA file and do
things properly.

FWIW the NetworkManager authentication dialog *will* remember servers'
public keys after you manually accept them. The library offers a cert
acceptance callback, which lets it remember the ones that the user
accepted.

--
dwmw2
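
The decision flow discussed in this message (stored public keys consulted only when PKI validation fails, and a key remembered only after an explicit acceptance), as an added sketch that is neither the proposed patch nor openconnect's or GnuTLS's code. The JSON pin file, the names `PinStore`, `check_server` and `ask_user`, and the choice to refuse a changed key without prompting are assumptions made for illustration.

```python
import hashlib
import json
import os
from enum import Enum

class Verdict(Enum):
    PKI_OK = "chain validated against a CA; pin file not consulted"
    PIN_MATCH = "PKI failed, key matches the one accepted earlier"
    PIN_MISMATCH = "PKI failed and the key differs from the stored one"
    USER_ACCEPTED = "PKI failed, user accepted; key remembered"
    USER_REJECTED = "PKI failed, user declined; nothing stored"

def spki_pin(spki_der: bytes) -> str:
    # Pin the public key rather than the certificate, so a renewal keeps the pin.
    return "sha256:" + hashlib.sha256(spki_der).hexdigest()

class PinStore:
    def __init__(self, path):
        self.path = path

    def _load(self):
        try:
            with open(self.path) as f:
                return json.load(f)
        except FileNotFoundError:
            return {}

    def get(self, host):
        return self._load().get(host)

    def put(self, host, pin):
        pins = self._load()
        pins[host] = pin
        tmp = self.path + ".tmp"
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            json.dump(pins, f)
        os.replace(tmp, self.path)  # atomic swap, no half-written pin file

def check_server(host, spki_der, pki_ok, store, ask_user):
    if pki_ok:
        return Verdict.PKI_OK
    pin, known = spki_pin(spki_der), store.get(host)
    if known is not None:  # a changed key is refused without prompting
        return Verdict.PIN_MATCH if known == pin else Verdict.PIN_MISMATCH
    if ask_user(host, pin):  # stand-in for the cert acceptance callback
        store.put(host, pin)
        return Verdict.USER_ACCEPTED
    return Verdict.USER_REJECTED
```

Because the pin file is read only after CA validation has already failed, a server that later gets a properly issued certificate validates through PKI and its stored pin is simply never consulted.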