On Wed, 2010-02-03 at 07:32 +0000, David Woodhouse wrote: > On Mon, 2010-02-01 at 11:32 +0100, Johannes Becker wrote: > > Hi, > > > > does openconnect check the server certificate? > > Yes, but only if you use the --cafile option, and it doesn't check the > server name against the subject of the certificate. I'll look at > fixing the latter. I've fixed both of those in the git tree now, although the latter still has most of the caveats from my original version posted in February. I haven't yet done a '--nocertcheck' option, but I'll probably do that shortly. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation
