[Bug 94063] spice-gtk / remote-viewer SSL verification behavior

bugzilla-daemon at freedesktop.org
Tue Feb 9 14:38:52 UTC 2016


https://bugs.freedesktop.org/show_bug.cgi?id=94063

--- Comment #2 from Fabian Grünbichler <f.gruenbichler at proxmox.com> ---
Original reporter here. For our use case, either 1 or 2 is probably fine, but I
would prefer version 1 because there are no (potentially failing) dependencies
on the user's or OS trust store.

Version 2 seems to be stricter, but IMHO only limits the possible valid
configurations without any security benefit. If an attacker is able to modify
the configuration file and changes the ca parameter (e.g., for MITM purposes),
they can currently already include their root certificate and pass all checks.
If the attacker cannot change the configuration file, I see no reason to
require an explicit pinning of the root in addition to the intermediate
certificate. OTOH, I might have missed a different setup where this distinction
is relevant. Requiring a trusted root certificate if there is no ca(-file)
parameter seems reasonable.
