On Sun, 2014-03-30 at 11:57 +0200, Nikos Mavrogiannopoulos wrote:
> Hello,
> What do you think of having openconnect remember the public keys of the
> hosts that have been explicitly accepted? That would make its usage
> close to ssh, except that this will only take effect when PKI fails (not
> sure if that's necessarily good).
>
> This is the patch: "Remember the public keys of hosts that have been
> explicitly accepted." in:
>
> git://gitorious.org/openconnect-x/openconnect-x.git remember-pubkey
>
> Currently it uses the gnutls default file to store the public keys, but
> it can be overridden from the command line or
> openconnect_set_pubkeyfile().

Hm, I think I'd rather encourage people to fetch the CA file and do
things properly.

FWIW the NetworkManager authentication dialog *will* remember servers'
public keys after you manually accept them. The library offers a cert
acceptance callback, which lets it remember the ones that the user
accepted.

--
dwmw2
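
The decision order discussed in this thread (PKI first, remembered keys only when PKI fails, a user prompt for unknown hosts), as an added example that is not code from the patch or from openconnect. All names are hypothetical, the store is in memory rather than a file, and refusing a changed key without prompting is an assumption modelled on ssh.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration: all names are hypothetical, not openconnect or GnuTLS API. */
enum verdict { ACCEPT_PKI, ACCEPT_PINNED, ACCEPT_NEW_PIN, REJECT_CHANGED, REJECT_DECLINED };
struct pin { char host[64]; char key_fp[72]; };
struct pin_store { struct pin pins[16]; int count; };
typedef int (*accept_cb)(const char *host, const char *key_fp); /* user prompt */

/* Stand-ins for the interactive prompt. */
int say_yes(const char *h, const char *f) { (void)h; (void)f; return 1; }
int say_no(const char *h, const char *f) { (void)h; (void)f; return 0; }

enum verdict check_peer(struct pin_store *s, const char *host, const char *key_fp,
                        int pki_ok, accept_cb ask)
{
    if (pki_ok)
        return ACCEPT_PKI;          /* stored keys matter only when PKI fails */
    for (int i = 0; i < s->count; i++) {
        if (strcmp(s->pins[i].host, host) != 0)
            continue;
        /* Assumption: a changed key is refused outright, as ssh does. */
        return strcmp(s->pins[i].key_fp, key_fp) == 0 ? ACCEPT_PINNED
                                                      : REJECT_CHANGED;
    }
    /* Unknown host: refuse oversized input rather than store a truncated pin. */
    if (strlen(host) >= sizeof s->pins[0].host ||
        strlen(key_fp) >= sizeof s->pins[0].key_fp || s->count == 16)
        return REJECT_DECLINED;
    if (!ask || !ask(host, key_fp))
        return REJECT_DECLINED;     /* nothing is remembered without consent */
    strcpy(s->pins[s->count].host, host);      /* lengths checked above */
    strcpy(s->pins[s->count].key_fp, key_fp);
    s->count++;
    return ACCEPT_NEW_PIN;
}

int main(void)
{
    struct pin_store s = { .count = 0 };
    /* Constructed sample host and key fingerprints. */
    printf("%d\n", check_peer(&s, "vpn.example.com", "sha256:aaaa", 0, say_yes));
    printf("%d\n", check_peer(&s, "vpn.example.com", "sha256:bbbb", 0, say_yes));
    return 0;
}
```
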