jdev - 2020-07-04

  1. lovetox

    in Gajim you can trust a self signed cert that a server offers

  2. lovetox

    what Gajim does is, it adds it to a kind of cert store (not the system one)

  3. lovetox

    and later if it gets UNKNOWN_CA, it just checks the store if the user trusts this cert

  4. lovetox

    now if someone knows i trust a specific self signed cert, could the creator of that cert impersonate another server?

  5. lovetox

    i think no, because changing stuff like domain within the cert, would change the fingerprint of the cert, and then the certs are not equal anymore, hence new trust decision

  6. lovetox

    is this correct?

  7. Zash

    Is that trust store per account or 'global'?

  8. lovetox


  9. lovetox

    basically a server offers a cert, and i get the fingerprint and look if there is a cert with that fingerprint in the trust store

  10. lovetox

    question is, changing the domain a cert is valid for, changes the fingerprint

  11. lovetox

    or not?

  12. Zash

    the fingerprint for the entire cert would cover the entire cert

  13. Zash

    including all the names

  14. Zash

    it sounds like it may be possible for such a server to impersonate another server you have an account on, if you connect there somehow?

  15. Zash

    do you verify the names in self-signed certs tho?

  16. lovetox

    no, thats just one step in the verify process

  17. lovetox

    of course i let the ssl lib first verify the cert normally

  18. lovetox

    afterwards it offers me errors

  19. lovetox

    like UNKNOWN_CA

  20. lovetox

    if UNKNOWN_CA is the *only* error on the cert

  21. lovetox

    i check the trust store

  22. Zash

    in prosody there are no name checks if the CA is untrusted, I don't know how your code works

  23. lovetox

    of course if htere are other errors like, BAD_IDENTITY or other stuff

  24. lovetox

    this is shown to the user

  25. lovetox

    hence if the someone manipulates the trusted cert, so it links to another domain, to circumvent a BAD_IDENTITY error

  26. lovetox

    it would change the fingerprint of the cert

  27. lovetox

    hence Gajim would not find it anymore in the trust store

  28. lovetox

    and raise UNKNOWN_CA

  29. Zash

    You know, since this is security related, it might be best to quietly test whether it's exploitable before talking about it in public :)

  30. lovetox

    i dont think this is exploitable, and even if, nobody is forced to accept self signed certs

  31. lovetox

    but i wouldnt know how otherwise i can support self signed certs

  32. lovetox

    without presenting the user on every connect with a cert error dialog

  33. Zash

    What happens if the server later switches to a CA-issued cert?

  34. Zash

    IMO it would make sense to have such trust decisions be saved per account, just to be sure.

  35. lovetox

    its verified ok and user is not notified about it

  36. lovetox

    yes Zash thats what i was thining about

  37. lovetox

    i have no concrete reason, but if feels a bit better

  38. Zash

    Some users would probably want a warning if the certificate changed from a self-signed to a CA-issued one.

  39. Zash

    Depending on why a self-signed cert was in used at all.

  40. Zash

    If it's just a temporary cert until a CA issued one can be gotten, then it probably doesn't matter.

  41. Zash

    If it's someone who doesn't trust CAs at all running the server, then it'd be suspicious if it suddenly had a CA-issued one.

  42. lovetox

    yeah probably right

  43. lovetox

    but i dont care about that one guy that wants that thing