--servercert option is insecure
Ryan Taylor
rptaylor at uvic.ca
Thu May 10 14:45:22 PDT 2018
Fedora 27. The stuff in /etc/pki, specifically /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt I believe, from the ca-certificates-2018.2.22-1.0.fc27.noarch package.
Thanks,
-rt
Ryan Taylor
Research Computing Specialist
Research Computing Services, University Systems
University of Victoria
________________________________________
From: David Woodhouse <dwmw2 at infradead.org>
Sent: May 10, 2018 2:37 PM
To: Ryan Taylor; Nikos Mavrogiannopoulos; Daniel Lenski
Cc: openconnect-devel at lists.infradead.org
Subject: Re: --servercert option is insecure
On Thu, 2018-05-10 at 21:28 +0000, Ryan Taylor wrote:
>
> (Side side note: the reason this came up in the first place is that
> our certificate is not being recognized by openconnect, despite (as
> far as I can tell) being signed by a CA that is included in the trust
> store of the OS, and being accepted by firefox.)
Which OS, and what is "the trust store of the OS"?
--
dwmw2
More information about the openconnect-devel
mailing list