#3527: mutt: separation of host and CA SSL certificates
--------------------+-------------------------------------------------------
Reporter: thoger | Owner: mutt-dev
Type: defect | Status: new
Priority: minor | Milestone:
Component: mutt | Version:
Keywords: |
--------------------+-------------------------------------------------------
mutt currently does not ensure that an SSL certificate accepted for one
host is never used to verify the SSL certificate of some other host. If a
user is willing to accept some host SSL certificates, the server may be
able to SSL-MITM their connections to other mail servers.

Self-signed certificate scenario:
- Self-signed certificates usually have X509v3 Basic Constraint CA:TRUE.
- If user accepts a self-signed certificate for e.g.
imap.my-home-server.domain, it can later be used as a CA when verifying
other certificates.
- Anyone in possession of the server key/cert (my-home-server admin that
went evil, a bad guy who managed to break into my-home-server) can now
issue certificates for arbitrary hostnames and have them accepted by mutt
as valid.

subjectAltNames scenario:
- mutt does not show subjectAltNames in the dialog prompting whether some
SSL certificate should be accepted. It does not restrict an accepted host
certificate to only a specific host. Any accepted certificate is hence
valid for any of the "hidden" subjectAltNames the user was not notified
about.
- If accepting a host certificate for a hostname that does not match any
name in the certificate, a "#H" header is added, but it currently only
seems to serve as a hint mapping a name to the not-matching certificate,
rather than being a "use-only-for" hostname restriction. The "#H" header
is not added when there is a matching name in the certificate.
- This case is less interesting than the previous, as there's a malicious
certificate to begin with, and the scope is limited to what's in
subjectAltName.

A proper fix would probably require using storage that tracks which
certificates are host and which are CA, and ensures host certs are only
accepted for a specific host.

mutt currently allows accepting intermediate CA certs from the cert chain
provided by the server. Not sure if any restrictions should be applied to
such certificates, or if it should be assumed that users have to know what
they are doing when accepting that.

Workaround: use separate certificate_file and ssl_ca_certificates_file for
each mail account, or at least for accounts with different "trust" (such as
home vs. work).
Tested with mutt-20110627 nightly with gnutls.
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3527>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
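
The storage the ticket asks for, modelled in Python as an added example (not mutt's code and not part of the ticket): a flat accepted-certificate store next to one that pins host certificates to the hostname they were accepted for and keeps CA certificates separately. The fingerprints, imap.work.example and all function and class names are constructed for illustration; chains are assumed to be signature-checked and name-matched already.

```python
# Added illustration: a simplified model, not mutt's code. Fingerprints are
# constructed labels; chains are assumed signature-checked and name-matched.
from dataclasses import dataclass, field

def flat_verify(accepted, hostname, chain):
    """One flat store: any accepted certificate found anywhere in the chain
    makes the connection trusted; the host it was accepted for is ignored."""
    return any(fp in accepted for fp in chain)

@dataclass
class SeparatedStore:
    host_pins: dict = field(default_factory=dict)  # fingerprint -> hostnames
    ca_certs: set = field(default_factory=set)     # explicitly accepted issuers

    def accept_host(self, hostname, fingerprint):
        self.host_pins.setdefault(fingerprint, set()).add(hostname.lower())

    def accept_ca(self, fingerprint):
        self.ca_certs.add(fingerprint)

    def verify(self, hostname, chain):
        """chain is leaf first, then issuers. A host pin matches only the
        leaf, and only for the hostname it was accepted for."""
        leaf, issuers = chain[0], chain[1:]
        if hostname.lower() in self.host_pins.get(leaf, ()):
            return True
        # Only certificates accepted *as CAs* may vouch for other certificates.
        return any(fp in self.ca_certs for fp in issuers)

HOME = "imap.my-home-server.domain"   # hostname used in the ticket
WORK = "imap.work.example"            # constructed hostname
HOME_CERT = "fp:home-self-signed"     # constructed fingerprint labels
ISSUED_BY_HOME = "fp:leaf-signed-with-home-key"

def demo():
    flat, sep = {HOME_CERT}, SeparatedStore()
    sep.accept_host(HOME, HOME_CERT)
    cases = {
        "home, own cert": (HOME, [HOME_CERT]),
        "work, leaf issued by home cert": (WORK, [ISSUED_BY_HOME, HOME_CERT]),
        "work, home cert with work in SAN": (WORK, [HOME_CERT]),
    }
    return {k: (flat_verify(flat, h, c), sep.verify(h, c))
            for k, (h, c) in cases.items()}

if __name__ == "__main__":
    for case, (flat_ok, sep_ok) in demo().items():
        print(f"{case}: flat={flat_ok} separated={sep_ok}")
```

Each result pair is (flat store, separated store): both accept the home server's own certificate, but only the flat store accepts it as an issuer or as a leaf for the other host.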