Server certificate hash checking
David Woodhouse
dwmw2 at infradead.org
Fri Jan 2 01:42:16 PST 2015
On Fri, 2015-01-02 at 11:02 +0200, Nikos Mavrogiannopoulos wrote:
> On Wed, 2014-12-31 at 09:06 -0800, Kevin Cernekee wrote:
>
> > One thing that might help here is for frontends like luci-ocserv to
> > report the expected cert fingerprint in a prominent location, and
> warn
> > the user against accepting any new certs if they didn't change the
> > ocserv configuration. If this page can be viewed in read-only mode
> > without logging in to the router, that is even better.
>
> The latter is probably difficult
Forgot to mention: it's not that hard. I seem to have added the UPS
status to the status bar on my OpenWRRT installation, which is visible
even on the login page.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150102/e89a7a6c/attachment-0001.bin>
More information about the openconnect-devel
mailing list