openconnect: when serverhash or cafile are present, set --no-system-trust
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 29 Nov 2014 18:05:04 +0000 (19:05 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 29 Nov 2014 18:05:04 +0000 (19:05 +0100)
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
net/openconnect/files/openconnect.sh

index 30513f6b4f9e31ec134b20f5322d45d2522fb6b8..307e3a758f7645b2f29ba0d9aa0e0bef5aaf8a41 100755 (executable)
@@ -38,10 +38,10 @@ proto_openconnect_setup() {
 
        cmdline="$server$port -i vpn-$config --non-inter --syslog --script /lib/netifd/vpnc-script"
 
-       [ -f /etc/openconnect/ca-vpn-$config.pem ] && append cmdline "--cafile /etc/openconnect/ca-vpn-$config.pem"
+       [ -f /etc/openconnect/ca-vpn-$config.pem ] && append cmdline "--no-system-trust --cafile /etc/openconnect/ca-vpn-$config.pem"
        [ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append cmdline "-c /etc/openconnect/user-cert-vpn-$config.pem"
        [ -f /etc/openconnect/user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/openconnect/user-key-vpn-$config.pem"
-       [ -n "$serverhash" ] && append cmdline "--servercert=$serverhash"
+       [ -n "$serverhash" ] && append cmdline "--no-system-trust --servercert=$serverhash"
        [ -n "$authgroup" ] && append cmdline "--authgroup $authgroup"
        [ -n "$username" ] && append cmdline "-u $username"
        [ -n "$password" ] && {
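Review bot: When the CA file exists and `serverhash` is also set, both changed lines append `--no-system-trust`, so the flag appears twice on the command line and the trust decision is split across two unrelated tests. Deciding it once keeps the policy in one place: `{ [ -f /etc/openconnect/ca-vpn-$config.pem ] || [ -n "$serverhash" ]; } && append cmdline "--no-system-trust"`, with the `--cafile` and `--servercert` lines carrying only their own option as before. Separately, `$serverhash` is pasted into a flat string. If `cmdline` is later expanded unquoted (not visible here, since `proto_openconnect_setup` continues outside the hunk), whitespace in that value would become extra openconnect arguments, so its format should be checked before appending.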