#3916: Mutt 1.8: TOFU host certificate not working
----------------------+----------------------
Reporter: kratem32 | Owner: mutt-dev
Type: defect | Status: new
Priority: major | Milestone: 1.8
Component: crypto | Version:
Keywords: tofu |
----------------------+----------------------
After upgrading mutt from 1.7.2 to 1.8.0 (using Arch Linux)
I got a warning after connecting to my provider about the certificate
used.
I use this approach
https://gist.github.com/bnagy/8914f712f689cc01c267#tofu
to specify only the host certificate instead of relying on certificate
authorities.
Until the update this worked fine, but with mutt 1.8.0 the host certificate
is no longer accepted; only the CA certificate can be used now.
With mutt 1.7.2 I could reject the CA certificate and would be asked to
accept the host cert instead, but in version 1.8 the following error
appears instead:
{{{
SSL failed: error:0906D06C:PEM routines:PEM_read_bio:no start line
}}}
I suspect this has to do with the following change mentioned in the
release notes:
{{{
! Mutt will now use the built-in OpenSSL SSL_set_verify() callback
to verify certificates. This allows better support for verifying
chains, including alternative chain support.
}}}
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3916>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
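
The trust-on-first-use check the report relies on, as an added example (not part of the ticket and not Mutt's code): a presented host certificate is accepted only if it is byte-identical to one stored in a PEM pin file, and a file with no `BEGIN CERTIFICATE` line is reported separately, since that is the input condition OpenSSL describes as "no start line". The function names, the result labels and the sample bytes are assumptions made for illustration; the sample "certificates" are constructed byte strings, not real X.509 data.

```python
import base64
import hashlib
import re

# One PEM certificate block: BEGIN line, base64 body, END line.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def pem_fingerprints(text):
    """Return the SHA-256 hex fingerprint of every certificate block in a PEM text."""
    fps = []
    for body in PEM_RE.findall(text):
        der = base64.b64decode("".join(body.split()), validate=True)
        fps.append(hashlib.sha256(der).hexdigest())
    return fps

def check_pin(pin_text, presented_der):
    """Classify a presented host certificate (DER bytes) against a TOFU pin file.

    'no-start-line': the file holds no BEGIN CERTIFICATE line (empty or not PEM)
    'match'        : the presented certificate equals a pinned one byte for byte
    'mismatch'     : pins exist, but none equals the presented certificate
    """
    pins = pem_fingerprints(pin_text)
    if not pins:
        return "no-start-line"
    fp = hashlib.sha256(presented_der).hexdigest()
    return "match" if fp in pins else "mismatch"

def to_pem(der):
    """Wrap DER bytes in PEM armor with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

# Constructed stand-ins for DER bytes; not real certificates.
HOST_DER = b"constructed-host-certificate-der" * 4
CA_DER = b"constructed-ca-certificate-der" * 4

if __name__ == "__main__":
    print(check_pin(to_pem(HOST_DER), HOST_DER))  # host certificate pinned
    print(check_pin(to_pem(CA_DER), HOST_DER))    # only the CA certificate stored
    print(check_pin("", HOST_DER))                # empty pin file
```

A pin file that stores only the CA certificate yields `mismatch` under this strict check, because host-certificate pinning compares the leaf itself and does not walk the chain.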