Hello,

What do you think of having openconnect remember the public keys of the hosts that have been explicitly accepted? That would make its usage close to ssh, except that this will only take effect when PKI fails (not sure if that's necessarily good).

This is the patch: "Remember the public keys of hosts that have been explicitly accepted." in:
git://gitorious.org/openconnect-x/openconnect-x.git remember-pubkey

Currently it uses the gnutls default file to store the public keys, but it can be overridden from the command line or openconnect_set_pubkeyfile().

regards,
Nikos
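
Added example, not part of the original message or of the openconnect patch: a sketch in C of the decision order the proposal describes, where stored keys are consulted only after PKI validation fails and a key is stored only after the user explicitly accepts it. The function names, the "host keyhex" file format and the refusal when a pinned host presents a different key (modelled on ssh) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum pin_result { PIN_MATCH, PIN_UNKNOWN, PIN_MISMATCH };

/* Pin file: one "host keyhex" pair per line (constructed format, not GnuTLS's). */
static enum pin_result pin_lookup(const char *file, const char *host, const char *key)
{
    char h[256], k[1024];
    enum pin_result res = PIN_UNKNOWN;
    FILE *f = fopen(file, "r");
    if (!f)
        return PIN_UNKNOWN;          /* no file yet: nothing has been pinned */
    while (fscanf(f, "%255s %1023s", h, k) == 2) {
        if (strcmp(h, host) != 0)
            continue;
        if (strcmp(k, key) == 0) {
            res = PIN_MATCH;
            break;
        }
        res = PIN_MISMATCH;          /* host is known, but under a different key */
    }
    fclose(f);
    return res;
}

static int pin_store(const char *file, const char *host, const char *key)
{
    FILE *f = fopen(file, "a");
    if (!f)
        return -1;
    fprintf(f, "%s %s\n", host, key);
    return fclose(f);
}

/* Returns 1 to proceed, 0 to abort. pki_ok is the result of normal chain
 * validation; user_accepts stands in for the interactive prompt (hypothetical). */
int accept_server(const char *file, const char *host, const char *key,
                  int pki_ok, int user_accepts)
{
    if (pki_ok)
        return 1;                    /* pins are consulted only when PKI fails */
    switch (pin_lookup(file, host, key)) {
    case PIN_MATCH:    return 1;     /* previously accepted key: no prompt */
    case PIN_MISMATCH: return 0;     /* key changed: refuse, never re-pin silently */
    default:           /* unknown host: pin only on explicit acceptance */
        return user_accepts && pin_store(file, host, key) == 0;
    }
}
```

Because a valid certificate chain short-circuits the lookup, a host that was pinned while its certificate was untrusted is no longer checked against the pin once PKI validation succeeds, which is the difference from ssh that the message points out.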