On Mon, 2010-02-01 at 11:32 +0100, Johannes Becker wrote: > Hi, > > does openconnect check the server certificate? Yes, but only if you use the --cafile option, and it doesn't check the server name against the subject of the certificate. I'll look at fixing the latter. > I supplied the server cert using --servercert, > but I always get the message > > Server SSL certificate didn't match: 8315d5412c1a2adb6995fc575a30d949cd5ade43 > > This message is wrong, as far as I can see. Ah yes, it wasn't a case-insensitive comparison and it expected capitals. Fixed in git. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation