Package: davfs2 Version: 1.2.1-2 When I invoke mount.davfs, it ask me __first__ the login/password and __then__ wether to accept the server certificate. It is minor (except if the credentials are sent to the server before the user has validate the certificate...), but I think it would make sense to ask the user to first check the certificate and then ask his login/password.
# mount.davfs -t davfs [URL] [mountpoint] Please enter the username to authenticate with server [URL] or hit enter for none. Username: [MyUserName] Please enter the password to authenticate user [MyUserName] with server [URL] or hit enter for none. Password: /sbin/mount.davfs: the server certificate has expired /sbin/mount.davfs: the server certificate is not trusted issuer: XXXXXXXXXXXXXXXXX subject: XXXXXXXXXXXXXXXXX identity: XXXXXXXXXXXXXXXXXX fingerprint: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX You only should accept this certificate, if you can verify the fingerprint! The server might be faked or there might be a man-in-the-middle-attack. Accept certificate for this session? [y,N] Regards, Mathieu DELAPLACE
