Hello, I'm trying to resubmit the scripts for openconnect in openwrt's luci interface. Currently the most difficult part in the interface is specifying the server certificate. There no tools installed by default in openwrt that can fetch the server's certificate, and there is no way to calculate the SHA1 hash of the certificate as well. Thus it becomes a pretty geeky interface that very few people will be able to use. Said that I think it would be really good for openconnect to have a mode trust on first use (thus no certificate will need to be specified), or at least a flag --print-hash or so that will allow running openconnect to obtain the server's certificate hash (and thus the web interface will be able to calculate the hash without other dependencies). What do you think of these two options? (mostly a question to David but other opinions are welcome) regards, Nikos
