On Wed, 2016-09-07 at 21:27 +0200, Dennis Knorr wrote: > You're right for production. But for Testing and Development, i would? > rather prefer that you keep it :) Perhaps just remove it from? > documentation *cough* I can't think of a really valid use case. Here's what happens when I connect to a test server with an invalid cert: $ ./openconnect [::1]:443 POST https://[::1]/ Connected to [::1]:443 SSL negotiation with [::1] Server certificate verify failed: unable to get local issuer certificate Certificate from VPN server "[::1]" failed verification. Reason: unable to get local issuer certificate To trust this server in future, perhaps add this to your command line: ????--servercert sha1:a82547f68f44d6351bef6cacd1d7b96e84f9dfa3 Enter 'yes' to accept, 'no' to abort; anything else to view:? It *tells* me how to shut it up... $ ./openconnect [::1]:443 --servercert sha1:a82547f68f44d6351bef6cacd1d7b96e84f9dfa3 POST https://[::1]/ Connected to [::1]:443 SSL negotiation with [::1] Server certificate verify failed: unable to get local issuer certificate Connected to HTTPS on [::1] XML POST enabled Please enter your username. Username: And the NetworkManager?GUI will basically do that automatically for you when you accept the invalid cert for the first time. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5760 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160907/f825d737/attachment.bin>
