evolution-ews silently ignores all certificate errors
Steps
- Start mitmproxy locally, and set gnome proxy to use local mitmproxy instance
- Create an EWS account in gnome-online-accounts
- When presented with certificate error, Select Ignore, complete account setup
- Close mitmproxy, delete ~/.mitmproxy directory, restart mitmproxy. This regenerates CA certificate which is now different from the issuer
- Launch Evolution and fetch mail
Expected Behaviour
- Prompt that the certificate is untrusted (as it is issued by a new, untrusted CA rather than the one previously seen)
- Log something about the certificate being used and indicate in GUI
Actual Behaviour
- evolution-ews silently connects, ignoring all certificate trust failures
- This makes transport security nonexistent, and doing it so silently makes it even worse.
Confirmed in evolution-ews 3.26.6
Edited by Liam Dennehy
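
The expected behaviour in this report amounts to binding an "Ignore" decision to the exact certificate that was shown, so that a different untrusted certificate prompts again. The sketch below is an added example, not evolution-ews code; the `TrustExceptions` class, the host name and the stand-in certificate bytes are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER encoding of the leaf certificate."""
    return hashlib.sha256(cert_der).hexdigest()

class TrustExceptions:
    """Hypothetical store of user-approved exceptions, one per host,
    bound to the exact certificate the user chose to ignore errors for."""

    def __init__(self):
        self._accepted = {}  # host -> fingerprint of the accepted certificate

    def remember(self, host: str, cert_der: bytes) -> None:
        self._accepted[host.lower()] = fingerprint(cert_der)

    def decide(self, host: str, cert_der: bytes, chain_trusted: bool) -> str:
        if chain_trusted:
            return "connect"
        pinned = self._accepted.get(host.lower())
        if pinned is None:
            return "prompt: untrusted certificate"
        if hmac.compare_digest(pinned, fingerprint(cert_der)):
            return "connect: previously accepted certificate"
        # Untrusted and not the certificate the user accepted: never silent.
        return "prompt: certificate changed since it was accepted"

def replay_report_steps() -> list:
    """Replays the report's steps with constructed stand-in certificate bytes."""
    host = "ews.example.test"  # constructed host name
    cert_first_ca = b"constructed leaf, issued by first proxy CA"
    cert_new_ca = b"constructed leaf, issued by regenerated proxy CA"
    store, log = TrustExceptions(), []

    log.append(store.decide(host, cert_first_ca, chain_trusted=False))
    store.remember(host, cert_first_ca)  # user selects Ignore
    log.append(store.decide(host, cert_first_ca, chain_trusted=False))
    log.append(store.decide(host, cert_new_ca, chain_trusted=False))
    return log

if __name__ == "__main__":
    for line in replay_report_steps():
        print(line)
```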