#3916: Mutt 1.8: TOFU host certificate not working
-----------------------+----------------------
  Reporter: kratem32   | Owner: mutt-dev
      Type: defect     | Status: new
  Priority: major      | Milestone: 1.8
 Component: crypto     | Version:
Resolution:            | Keywords: tofu
-----------------------+----------------------
Comment (by m-a):

Replying to [comment:8 kevin8t8]:

> I wonder if the "error:0906D06C:PEM routines:PEM_read_bio:no start line" is a remnant from ssl_load_certificates() trying to read an empty cert file. Perhaps we need to reset the err on rejecting.

No, there's a place that should have looked at and purged the error queue, but forgot.

> The new behavior is the default behavior using OpenSSL verification. This is definitely a change in behavior, but I'm not convinced it's a bug. It's not clear to me that it's worth preserving the previous behavior of being able to reject a piece in the chain and continue. Matthias and Michał, I'd appreciate your opinion though.

I don't see it as a bug either, but rather a missing special feature. I acknowledge there is a point in providing **some** way for users to restrict what they want to trust, by cutting chains, but I wonder if we need to expose it through mutt's user interface.

Ultimately users claim to improve security by avoiding rogue or dodgy CAs, but I question that TOFU is any better. If you see a certificate change, is that because (a) eavesdropping has started, (b) eavesdropping has ended, or (c) someone just reissued the host's certificate - which will be rather frequent if it's a Let's Encrypt certificate, or behind certain load balancing setups. This looks like self-inflicted pain somewhat.

If we add something to the UI, it should be a "skip trusting this certificate".

--
Ticket URL: <https://dev.mutt.org/trac/ticket/3916#comment:10>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
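A worked illustration of the TOFU trade-off discussed in this thread, added here as an example and not mutt's own code: a fingerprint-pinning check that walks the presented chain, treats an empty trust file as "nothing pinned yet" rather than as an error, and shows why a routine leaf reissue is indistinguishable from a genuine change. The per-host store format and the PEM stand-ins are assumptions constructed for the example.

```python
import base64
import hashlib
import ssl


def _fake_pem(body: str) -> str:
    """Constructed PEM stand-in: only the base64 body is decoded for fingerprinting."""
    b64 = base64.b64encode(body.encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


# Constructed chain elements (not real X.509 data).
LEAF_V1 = _fake_pem("leaf imap.example.test serial 1")
LEAF_V2 = _fake_pem("leaf imap.example.test serial 2")  # same host, reissued leaf
INTERMEDIATE = _fake_pem("intermediate CA")


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, the usual TOFU pin."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def parse_store(text: str) -> dict:
    """Assumed store format: one '<host> <sha256hex>' per line.
    An empty file simply yields no pins; it must not surface as a parse error."""
    store = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            host, fp = line.split()
            store.setdefault(host, set()).add(fp)
    return store


def tofu_check(host: str, chain: list, store: dict) -> str:
    """Walk the chain leaf first; one pinned element is enough to trust the connection.
    'changed' cannot tell eavesdropping from a reissue, which is the thread's point."""
    pinned = store.get(host, set())
    if any(fingerprint(pem) in pinned for pem in chain):
        return "trusted"
    return "changed" if pinned else "unknown"


def scenario() -> list:
    host = "imap.example.test"
    first = tofu_check(host, [LEAF_V1, INTERMEDIATE], parse_store(""))
    store = parse_store(f"{host} {fingerprint(LEAF_V1)}\n")
    same = tofu_check(host, [LEAF_V1, INTERMEDIATE], store)
    reissued = tofu_check(host, [LEAF_V2, INTERMEDIATE], store)
    # Pinning the intermediate survives leaf renewals, at the cost of trusting every leaf it signs.
    via_ca = tofu_check(host, [LEAF_V2, INTERMEDIATE], parse_store(f"{host} {fingerprint(INTERMEDIATE)}\n"))
    return [first, same, reissued, via_ca]
```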