#3916: Mutt 1.8: TOFU host certificate not working
-----------------------+----------------------
  Reporter:  kratem32   |      Owner:  mutt-dev
      Type:  defect     |     Status:  new
  Priority:  major      |  Milestone:  1.8
 Component:  crypto     |    Version:
Resolution:             |   Keywords:  tofu
-----------------------+----------------------
Changes (by kevin8t8):
* cc: mutt@… (added)
Comment:
Yes, the new verification does abort if you reject a certificate in the
chain. Accepting (o)nce should allow the connection without saving it to
your file.
I wonder if the "error:0906D06C:PEM routines:PEM_read_bio:no start line"
is a remnant from ssl_load_certificates() trying to read an empty cert
file. Perhaps we need to reset the err on rejecting.
The new behavior is the default behavior using OpenSSL verification. This
is definitely a change in behavior, but I'm not convinced it's a bug. It's
not clear to me that it's worth preserving the previous behavior of being
able to reject a piece in the chain and continue. Matthias and Michał,
I'd appreciate your opinion though.
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3916#comment:8>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
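To make the semantics discussed in the comment above concrete, here is an added model (not Mutt's code, and not OpenSSL's) of a TOFU host-certificate check layered on a chain verifier: the chain is walked root-first the way OpenSSL invokes its verify callback, rejecting any link aborts the whole connection, accepting (o)nce allows the connection without touching the saved-certificate store, and accepting (a)lways persists the fingerprint so the next connection needs no prompt. The `Cert`, `TrustStore`, `verify_chain` and `run` names and the three-certificate chain are constructed for the example; the "DER" bytes are stand-ins, not real X.509.

```python
# Added example for this ticket thread: a model of a TOFU host-certificate
# check on top of a chain verifier. Not Mutt's code; certificate contents
# are constructed stand-ins, not real X.509 DER.
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Cert:
    depth: int      # 0 is the host (leaf) certificate, higher values are issuers
    subject: str
    der: bytes      # constructed stand-in for the DER encoding


def fingerprint(cert: Cert) -> str:
    """SHA-256 over the (stand-in) DER bytes; this is the trust-store key."""
    return hashlib.sha256(cert.der).hexdigest()


@dataclass
class TrustStore:
    """In-memory stand-in for the user's saved-certificate file."""
    saved: Dict[str, str] = field(default_factory=dict)  # fingerprint -> subject

    def is_trusted(self, cert: Cert) -> bool:
        return fingerprint(cert) in self.saved

    def save(self, cert: Cert) -> None:
        self.saved[fingerprint(cert)] = cert.subject


def verify_chain(chain: List[Cert], store: TrustStore,
                 ca_ok: Callable[[Cert], bool],
                 prompt: Callable[[Cert], str]) -> Tuple[bool, List[str]]:
    """Walk the chain root-first, as OpenSSL's verify callback is invoked.

    ca_ok(cert)  -> True when the library's own verification accepts it
    prompt(cert) -> "reject", "once" or "always" for a cert it did not
    Returns (allowed, log). Rejecting any link aborts the whole connection;
    "once" accepts for this connection only and writes nothing to the store.
    """
    log: List[str] = []
    for cert in sorted(chain, key=lambda c: c.depth, reverse=True):
        if ca_ok(cert):
            log.append(f"depth {cert.depth}: ok (verified)")
            continue
        if store.is_trusted(cert):
            log.append(f"depth {cert.depth}: ok (saved)")
            continue
        decision = prompt(cert)
        log.append(f"depth {cert.depth}: user chose {decision}")
        if decision == "reject":
            return False, log          # abort: no later link is even shown
        if decision == "always":
            store.save(cert)           # persist only on explicit (a)lways
    return True, log


# Constructed sample chain: none of it is trusted by the CA bundle.
ROOT = Cert(2, "CN=Example Root", b"root-der")
INTERMEDIATE = Cert(1, "CN=Example Intermediate", b"intermediate-der")
LEAF = Cert(0, "CN=mail.example.org", b"leaf-der")
CHAIN = [LEAF, INTERMEDIATE, ROOT]
ALL_SUBJECTS = (ROOT.subject, INTERMEDIATE.subject, LEAF.subject)


def untrusted_ca(cert: Cert) -> bool:
    """Stand-in for library verification against a CA bundle that knows nothing."""
    return False


def scripted(decisions: Dict[str, str]) -> Callable[[Cert], str]:
    """Build a prompt that answers from a {subject: decision} table (default reject)."""
    return lambda cert: decisions.get(cert.subject, "reject")


def run(decisions: Dict[str, str], store: TrustStore = None) -> Tuple[bool, int, List[str]]:
    """Attempt one connection; return (allowed, number of saved certs, log)."""
    store = store if store is not None else TrustStore()
    allowed, log = verify_chain(CHAIN, store, untrusted_ca, scripted(decisions))
    return allowed, len(store.saved), log


if __name__ == "__main__":
    print(run({s: "once" for s in ALL_SUBJECTS}))           # allowed, nothing saved
    print(run({ROOT.subject: "once"}))                       # intermediate rejected: aborted
    persistent = TrustStore()
    print(run({s: "always" for s in ALL_SUBJECTS}, persistent))
    print(run({}, persistent))                               # no prompt needed any more
```

The second call shows the behaviour the ticket describes: the root is accepted once, the intermediate is rejected, and the connection is aborted before the host certificate is ever shown. The last two calls show why (o)nce and (a)lways differ only in whether the store is written: after an (a)lways run the same chain verifies from the store with no prompt at all.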