--servercert option is insecure

Ryan Taylor rptaylor at uvic.ca
Thu May 10 14:45:22 PDT 2018

Fedora 27. The stuff in /etc/pki, specifically /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt I believe, from the ca-certificates-2018.2.22-1.0.fc27.noarch package.


Ryan Taylor
Research Computing Specialist
Research Computing Services, University Systems
University of Victoria

From: David Woodhouse <dwmw2 at infradead.org>
Sent: May 10, 2018 2:37 PM
To: Ryan Taylor; Nikos Mavrogiannopoulos; Daniel Lenski
Cc: openconnect-devel at lists.infradead.org
Subject: Re: --servercert option is insecure

On Thu, 2018-05-10 at 21:28 +0000, Ryan Taylor wrote:
> (Side side note: the reason this came up in the first place is that
> our certificate is not being recognized by openconnect, despite (as
> far as I can tell) being signed by a CA that is included in the trust
> store of the OS, and being accepted by firefox.)

Which OS, and what is "the trust store of the OS"?


More information about the openconnect-devel mailing list