#3914: mutt stores duplicate certificates into $certificate-file on hostname
mismatch and interactive_check_cert = "allow always"
--------------------+----------------------
 Reporter:  m-a     |      Owner:  mutt-dev
     Type:  defect  |     Status:  new
 Priority:  minor   |  Milestone:  1.8
Component:  crypto  |    Version:  1.7.2
 Keywords:          |
--------------------+----------------------
 Related to #1943, but not the same.
 I am currently using a certificate that does not match the hostname
 because I'm using "-f imaps://localhost/...", but it is for a FQDN, and
 now I have a dozen VERBATIM IDENTICAL copies of that mismatched
 certificate (per subject hash) in my ~/.mutt_certificates file...

 {{{
 # split ~/.mutt_certificates into F1 F2 F3 ... files
 awk '/^-----BEGIN/{x="F" ++i;}{if (x) {print > x;}}' ~/.mutt_certificates
 # obtain the contained certificates' hashes, sort, and count unique ones.
 for i in F[0-9]* ; do printf "%s: " "$i" ; openssl x509 -subject_hash <"$i" -noout ; done \
 | cut -f2 -d: | sort | uniq -c | sort -n
 }}}

 I suggest that mutt should NEVER write a certificate that's already
 present in ~/.mutt_certificates.

 Whether it should query about it (especially with a host mismatch) is a
 different matter because my answer may only be valid for the hostname-
 certificate combination, and not the certificate on its own.

 No time to fully debug that part now though, it happens here on the return
 interactive_check_cert()

 {{{
   /* check hostname only for the leaf certificate */
   buf[0] = 0;
   if (pos == 0 && option (OPTSSLVERIFYHOST) != MUTT_NO)
   {
     if (!check_host (cert, host, buf, sizeof (buf)))
     {
       mutt_error (_("Certificate host check failed: %s"), buf);
       mutt_sleep (2);
       return interactive_check_cert (cert, pos, len);
     }
     dprint (2, (debugfile, "ssl_verify_callback: hostname check passed\n"));
   }
 }}}


 where we call interactive_check_cert, which in itself does not check if
 the certificate it is about to store is a duplicate.

 I can't currently propose where it's best to avoid the duplication of
 certificates, whether you defer this to interactive_check_cert() or place
 it elsewhere.

 Workaround for the user: only accept hostname match once.

--
Ticket URL: <https://dev.mutt.org/trac/ticket/3914>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
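
An added example, not part of the original ticket and not mutt's code: one way to audit a PEM certificate file for the duplication described above, and to make the "never write a certificate that is already present" rule concrete. It compares the SHA-256 of each certificate's decoded bytes rather than the subject hash, so only truly identical certificates count as duplicates, even if the PEM text is wrapped differently. All function names and the sample data are assumptions made for this illustration.

```python
import base64
import hashlib
import re
from collections import Counter

# One PEM certificate block; any other text in the file is ignored.
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_fingerprints(bundle_text):
    """SHA-256 of each certificate's decoded (DER) bytes, in file order."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(bundle_text)]


def duplicate_counts(bundle_text):
    """Map fingerprint -> number of copies, for certificates stored more than once."""
    counts = Counter(cert_fingerprints(bundle_text))
    return {fp: n for fp, n in counts.items() if n > 1}


def append_if_absent(bundle_text, pem_cert):
    """Return (bundle_text, written); append pem_cert only if it is not already stored."""
    new = cert_fingerprints(pem_cert)
    if len(new) != 1:
        raise ValueError("expected exactly one PEM certificate")
    if new[0] in cert_fingerprints(bundle_text):
        return bundle_text, False
    sep = "" if not bundle_text or bundle_text.endswith("\n") else "\n"
    return bundle_text + sep + pem_cert.strip() + "\n", True


def to_pem(der, width=64):
    """Wrap bytes in PEM armor (helper for the constructed samples below)."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + width] for i in range(0, len(b64), width))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample data: placeholder bytes standing in for DER, not real certificates.
CERT_A = to_pem(b"constructed placeholder A " * 8)
CERT_B = to_pem(b"constructed placeholder B " * 8)
CERT_A_REWRAPPED = to_pem(b"constructed placeholder A " * 8, width=76)

if __name__ == "__main__":
    print(duplicate_counts(CERT_A * 12 + CERT_B))      # the ticket's symptom
    bundle, written = append_if_absent(CERT_A, CERT_A_REWRAPPED)
    print("written:", written)
```

This covers only the storage side; whether an earlier acceptance should also apply to a different hostname is the separate question raised in the ticket.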
