On Tue, 2010-05-11 at 13:08 +0100, David Woodhouse wrote:
> On Wed, 2010-02-03 at 07:32 +0000, David Woodhouse wrote:
> > On Mon, 2010-02-01 at 11:32 +0100, Johannes Becker wrote:
> > > Hi,
> > >
> > > does openconnect check the server certificate?
> >
> > Yes, but only if you use the --cafile option, and it doesn't check the
> > server name against the subject of the certificate. I'll look at
> > fixing the latter.
>
> I've fixed both of those in the git tree now, although the latter still
> has most of the caveats from my original version posted in February.
>
> I haven't yet done a '--nocertcheck' option, but I'll probably do that
> shortly.

It is all now implemented -- it even accepts URI altnames (although only
if they specify a server with no path), and IP address altnames as long
as the server was specified by IP address in the first place.

Please review and test it; I'd like to do a new release fairly shortly.

--
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation
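
The altname rules described in the message above, sketched as an added example; this is not openconnect's code. The names `struct san`, `match_altnames` and `sample` are hypothetical, altnames are assumed to be already extracted from the certificate as text, and matching is exact (no wildcards).

```c
#include <string.h>
#include <strings.h>
#include <arpa/inet.h>

enum san_type { SAN_DNS, SAN_URI, SAN_IP };
struct san { enum san_type type; const char *value; };

/* Parse an IPv4/IPv6 literal into raw bytes; returns 4, 16, or 0 if not an IP. */
static int parse_ip(const char *s, unsigned char out[16])
{
    if (inet_pton(AF_INET, s, out) == 1) return 4;
    if (inet_pton(AF_INET6, s, out) == 1) return 16;
    return 0;
}

/* A URI altname is usable only as scheme://host. Anything after the host
 * (path, port) makes it fail; an assumed reading of "server with no path". */
static int uri_matches(const char *uri, const char *host)
{
    const char *p = strstr(uri, "://");
    return p && strcasecmp(p + 3, host) == 0;
}

/* Returns 1 if one of the n altnames identifies `host` as the user typed it. */
int match_altnames(const struct san *sans, size_t n, const char *host)
{
    unsigned char want[16], have[16];
    int wantlen = parse_ip(host, want);
    for (size_t i = 0; i < n; i++) {
        const char *v = sans[i].value;
        if (sans[i].type == SAN_IP) {
            /* IP altnames count only if the server was given as an IP. */
            if (wantlen && parse_ip(v, have) == wantlen &&
                !memcmp(want, have, wantlen))
                return 1;
        } else if (!wantlen) {
            /* Name altnames are consulted only for a hostname (assumption). */
            if (sans[i].type == SAN_DNS ? !strcasecmp(v, host)
                                        : uri_matches(v, host))
                return 1;
        }
    }
    return 0;
}

const struct san sample[] = {   /* constructed, not from a real certificate */
    { SAN_DNS, "vpn.example.com" }, { SAN_URI, "https://gw.example.com" },
    { SAN_URI, "https://portal.example.com/login" }, { SAN_IP, "192.0.2.10" },
};
```
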