Security bug in diohsc versions <0.1.12

Today I noticed a very stupid security bug in my Gemini client, diohsc, which could potentially be used to circumvent TOFU and run a MitM attack.

If you use diohsc, please upgrade to the latest version (0.1.12); typically you can do this by running "cabal update && cabal install diohsc".

The bug is as simple as it is stupid. If you navigate to a capsule whose certificate you trust, e.g. because it's saved in your known_hosts directory after explicitly trusting it previously, then the fact that it is trusted is stored in RAM so future connections don't require disk access. But when checking certificates against those stored this way, in the buggy versions only the certificate itself is considered, and not the hostname. Upshot: if you go to one capsule where you trust the certificate, the owner of that certificate could then use it to MitM your subsequent connections to any host. Oops.

Proxy Information
Original URL
gemini://gemini.thegonz.net/glog/221008-diohscSecurityUpdate.gmi
Status Code
Success (20)
Meta
text/gemini
Capsule Response Time
200.586836 milliseconds
Gemini-to-HTML Time
0.211631 milliseconds

This content has been proxied by September (ba2dc).