Hi, On 07.09.2016 21:43, David Woodhouse wrote: > On Wed, 2016-09-07 at 21:27 +0200, Dennis Knorr wrote: >> You're right for production. But for Testing and Development, i would >> rather prefer that you keep it :) Perhaps just remove it from >> documentation *cough* > > I can't think of a really valid use case. Here's what happens when I > connect to a test server with an invalid cert: well, with other products i used parameters like that to isolate errors in programs. program fails -> perhaps on checking stuff X? -> disable and look if the error is still happening :) > $ ./openconnect [::1]:443 > POST https://[::1]/ > Connected to [::1]:443 > SSL negotiation with [::1] > Server certificate verify failed: unable to get local issuer certificate i cannot try this, because at least atm we connect against a cisco asa. But it is on our todo, to setup a ocserv. > And the NetworkManager GUI will basically do that automatically for you > when you accept the invalid cert for the first time. Like i said, i used such parameters for diagnostic measures :)
