#3916: Mutt 1.8: TOFU approach bails out on first fail or reject, not offering
higher links of the cert' chain
--------------------------+----------------------
Reporter: kratem32 | Owner: mutt-dev
Type: enhancement | Status: new
Priority: minor | Milestone: 1.8
Component: crypto | Version:
Resolution: | Keywords: tofu
--------------------------+----------------------
Comment (by m-a):
I beg to differ on the "perfectly", I see two issues in initial testing.
1. On Ubuntu 16.04.X LTS, if I skip the root certificate, it gets shown
again, first time with {{{(preverify: 0 skipmode: 0)}}}, second time with
{{{(preverify: 1 skipmode: 1)}}}. Not sure if that's Ubuntu-specific. This
is the relevant trace with mutt -d3:
{{{
[2017-03-01 00:12:47] ssl_verify_callback: checking cert chain entry
/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom
Root CA 2 (preverify: 0 skipmode: 0)
[2017-03-01 00:12:47] X509_verify_cert: self signed certificate in
certificate chain (19)
>>> press 's' here
[2017-03-01 00:12:49] ssl interactive_check_cert: done=2
[2017-03-01 00:12:49] ssl_verify_callback: checking cert chain entry
/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom
Root CA 2 (preverify: 1 skipmode: 1)
[2017-03-01 00:12:49] X509_verify_cert: self signed certificate in
certificate chain (19)
>>> press 's' here, being confused and believing the keyboard is aging
[2017-03-01 00:12:49] ssl interactive_check_cert: done=2
[2017-03-01 00:12:49] ssl_verify_callback: checking cert chain entry
/C=DE/O=DFN-Verein/OU=DFN-PKI/CN=DFN-Verein PCA Global - G01 (preverify: 1
skipmode: 1)
[2017-03-01 00:12:49] X509_verify_cert: self signed certificate in
certificate chain (19)
>>> press 'o' here
[2017-03-01 00:12:51] ssl_cache_trusted_cert: trusted
[2017-03-01 00:12:51] ssl interactive_check_cert: done=2
...
}}}
2. Saving the **host** certificate, rather than that of its immediate
signer, works technically in that the host certificate goes to the mutt
certificate file, but does not yield the desired results, OpenSSL does not
trust it. (This may be intentional.)[[BR]] Instead of mutt connecting
directly, I am presented with the entire chain again, which I skip
(pressing 's'), **except** when we're getting to the host certificate,
which mutt then accepts on its own. To me this looks more like one more
OpenSSL idiosyncrasy that we need to deal with, rather than a genuine bug
in the existing or new mutt code. I don't currently have an idea how to
solve this, short of trying to give the host certificate check a jump
start by pulling it (the server/host certificate) out from under the pile
(if that's at all possible in the callback, and the OpenSSL authors don't
consider this an abuse of the callback) and checking it first, before
running down the chain.[[BR]]Anyways, here's mutt's -d3 debug trace:
{{{
[2017-03-01 00:20:52] ssl_load_certificates: loading trusted certificates
[2017-03-01 00:20:52] ssl_verify_callback: checking cert chain entry
/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom
Root CA 2 (preverify: 0 skipmode: 0)
[2017-03-01 00:20:52] X509_verify_cert: self signed certificate in
certificate chain (19)
[2017-03-01 00:20:55] ssl interactive_check_cert: done=2
[2017-03-01 00:20:55] ssl_verify_callback: checking cert chain entry
/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom
Root CA 2 (preverify: 1 skipmode: 1)
[2017-03-01 00:20:55] X509_verify_cert: self signed certificate in
certificate chain (19)
[2017-03-01 00:20:56] ssl interactive_check_cert: done=2
[2017-03-01 00:20:56] ssl_verify_callback: checking cert chain entry
/C=DE/O=DFN-Verein/OU=DFN-PKI/CN=DFN-Verein PCA Global - G01 (preverify: 1
skipmode: 1)
[2017-03-01 00:20:56] X509_verify_cert: self signed certificate in
certificate chain (19)
[2017-03-01 00:20:56] ssl interactive_check_cert: done=2
[2017-03-01 00:20:56] ssl_verify_callback: checking cert chain entry
/C=DE/O=Technische Universitaet Dortmund/OU=ITMC/CN=TU Dortmund CA -
G01/[email protected] (preverify: 1 skipmode: 1)
[2017-03-01 00:20:56] X509_verify_cert: self signed certificate in
certificate chain (19)
[2017-03-01 00:20:56] ssl interactive_check_cert: done=2
[2017-03-01 00:20:56] ssl_verify_callback: checking cert chain entry
/C=DE/ST=Nordrhein-Westfalen/L=Dortmund/O=Technische Universitaet
Dortmund/OU=ITMC/CN=unimail.tu-dortmund.de (preverify: 1 skipmode: 1)
[2017-03-01 00:20:56] ssl_verify_callback: hostname check passed
[2017-03-01 00:20:56] ssl_verify_callback: digest check passed
[2017-03-01 00:20:56] TLSv1.2 connection using TLSv1/SSLv3 (DHE-RSA-AES256
-GCM-SHA384)
}}}
GDB single-stepping the call-back the first time it's called (note this is
on optimized code, this causes artifacts from instruction scheduling to
show in the traces, such as lines apparently being run twice and/or out of
normal order.
{{{
...
990 len = sk_X509_num (X509_STORE_CTX_get_chain (ctx));
(gdb)
992 dprint (1, (debugfile,
(gdb)
998 if (check_certificate_cache (cert))
(gdb)
1007 if (pos == 0 && option (OPTSSLVERIFYHOST) != MUTT_NO)
(gdb)
1006 buf[0] = 0;
(gdb)
1007 if (pos == 0 && option (OPTSSLVERIFYHOST) != MUTT_NO)
(gdb)
1018 if (!preverify_ok || skip_mode)
(gdb)
1021 if (SslCertFile && check_certificate_by_digest (cert))
(gdb)
1031 int err = X509_STORE_CTX_get_error (ctx);
(gdb)
1032 snprintf (buf, sizeof (buf), "%s (%d)",
(gdb)
1034 dprint (2, (debugfile, "X509_verify_cert: %s\n", buf));
(gdb)
1038 if ((pos != 0) && (quadoption (OPT_SSLVERIFYPARTIAL) ==
MUTT_YES))
(gdb)
1045 return interactive_check_cert (cert, pos, len, ssl);
}}}
{{{
$ apt-cache policy libssl1.0.0
libssl1.0.0:
Installed: 1.0.2g-1ubuntu4.6
Candidate: 1.0.2g-1ubuntu4.6
Version table:
*** 1.0.2g-1ubuntu4.6 500
500 http://security.ubuntu.com/ubuntu xenial-security/main amd64
Packages
500 http://de.archive.ubuntu.com/ubuntu xenial-updates/main amd64
Packages
100 /var/lib/dpkg/status
1.0.2g-1ubuntu4 500
500 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
}}}
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3916#comment:44>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
