SSL: Do not accept MD2, MD5 and SHA1 signatures any longer

Web browsers and others have distrusted SHA1 a long while ago, MD2 and MD5 are at this point simply dangerous to support. However, we now support configuration of supported signature algorithms via @[SSL.Context] in case any use case simply needs to support older signature algorithms.

SSL: Do not accept MD2, MD5 and SHA1 signatures any longer
2883e096 · Tobias S. Josefowitz · 51999431 · 2883e096 · 2883e096
Commit 2883e096 authored 5 years ago by Tobias S. Josefowitz
--- a/lib/modules/SSL.pmod/Connection.pike
+++ b/lib/modules/SSL.pmod/Connection.pike
@@ -264,7 +264,9 @@ int verify_certificate_chain(array(string) certs)
  mapping result =
    Standards.X509.verify_certificate_chain(certs,
                                            context->trusted_issuers_cache,
-					    context->require_trust);
+					    context->require_trust,
+					    ([ "verifier_algorithms"
+                                               : context->verifier_algorithms]));

  // This data isn't actually used internally.
  session->cert_data = result;

--- a/lib/modules/SSL.pmod/Context.pike
+++ b/lib/modules/SSL.pmod/Context.pike
@@ -70,6 +70,22 @@ ProtocolVersion max_version = PROTOCOL_TLS_MAX;
 //! protocol negotiation.
 array(string(8bit)) advertised_protocols;

+//! Mapping of supported verifier algorithms to hash implementation.
+//!
+//! @seealso
+//!   @[Standards.X509.get_algorithms()]
+mapping(Standards.ASN1.Types.Identifier:Crypto.Hash) verifier_algorithms
+= filter(Standards.X509.get_algorithms(),
+                                     lambda(object o) {
+    return !(<
+#if constant(Crypto.MD2)
+        Crypto.MD2,
+#endif
+        Crypto.MD5,
+        Crypto.SHA1
+    >)[o];
+});
+
 //! The maximum amount of data that is sent in each SSL packet by
 //! @[File]. A value between 1 and @[Constants.PACKET_MAX_SIZE].
 int packet_max_size = PACKET_MAX_SIZE;