From 2883e0964c869f2657cb6e0cb517fbd96f4d9a92 Mon Sep 17 00:00:00 2001
From: "Tobias S. Josefowitz" <tobij@tobij.de>
Date: Mon, 24 Feb 2020 00:05:51 +0100
Subject: [PATCH] SSL: Do not accept MD2, MD5 and SHA1 signatures any longer

Web browsers and others stopped trusting SHA1 a long while ago, and MD2 and
MD5 are at this point simply dangerous to support. However, we now
support configuration of supported signature algorithms via
@[SSL.Context] in case any use case simply needs to support older
signature algorithms.
---
 lib/modules/SSL.pmod/Connection.pike |  4 +++-
 lib/modules/SSL.pmod/Context.pike    | 16 ++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/lib/modules/SSL.pmod/Connection.pike b/lib/modules/SSL.pmod/Connection.pike
index 68e11dfc66..bdc53ecfd1 100644
--- a/lib/modules/SSL.pmod/Connection.pike
+++ b/lib/modules/SSL.pmod/Connection.pike
@@ -264,7 +264,9 @@ int verify_certificate_chain(array(string) certs)
   mapping result =
     Standards.X509.verify_certificate_chain(certs,
                                             context->trusted_issuers_cache,
-					    context->require_trust);
+					    context->require_trust,
+					    ([ "verifier_algorithms"
+                                               : context->verifier_algorithms]));
 
   // This data isn't actually used internally.
   session->cert_data = result;
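Review bot: The new options mapping forwards `context->verifier_algorithms` verbatim, so a Context whose `verifier_algorithms` has been assigned 0 or an empty mapping passes that value straight into Standards.X509.verify_certificate_chain; whether X509 then rejects every signature or falls back to its own full default set (which would re-admit MD5 and SHA1) is not visible in this hunk, and the fail-closed expectation should be stated at the call site. I would add above the call: `// verifier_algorithms: see Context.verifier_algorithms; an empty mapping is expected to reject all signatures, not fall back to X509's defaults — confirm in Standards.X509.` As a point of style, the added lines mix a tab-indented `([ "verifier_algorithms"` with a space-indented continuation `: context->verifier_algorithms]))`; aligning both like the surrounding arguments keeps the call readable. verify_certificate_chain starts before and ends after this hunk.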
diff --git a/lib/modules/SSL.pmod/Context.pike b/lib/modules/SSL.pmod/Context.pike
index 7071d36073..3c916fa998 100644
--- a/lib/modules/SSL.pmod/Context.pike
+++ b/lib/modules/SSL.pmod/Context.pike
@@ -70,6 +70,22 @@ ProtocolVersion max_version = PROTOCOL_TLS_MAX;
 //! protocol negotiation.
 array(string(8bit)) advertised_protocols;
 
+//! Mapping of supported verifier algorithms to hash implementation.
+//!
+//! @seealso
+//!   @[Standards.X509.get_algorithms()]
+mapping(Standards.ASN1.Types.Identifier:Crypto.Hash) verifier_algorithms
+= filter(Standards.X509.get_algorithms(),
+                                     lambda(object o) {
+    return !(<
+#if constant(Crypto.MD2)
+        Crypto.MD2,
+#endif
+        Crypto.MD5,
+        Crypto.SHA1
+    >)[o];
+});
+
 //! The maximum amount of data that is sent in each SSL packet by
 //! @[File]. A value between 1 and @[Constants.PACKET_MAX_SIZE].
 int packet_max_size = PACKET_MAX_SIZE;
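Review bot: The docstring on `verifier_algorithms` describes the mapping's shape but not the policy this commit introduces, namely that the default is `Standards.X509.get_algorithms()` with MD2, MD5 and SHA1 filtered out and that assigning a different mapping is the supported way to change the accepted set. I would extend the comment with `//! By default all algorithms from @[Standards.X509.get_algorithms()] except MD2, MD5 and SHA1 are accepted; assign a different mapping to narrow or widen the set of signature algorithms accepted during certificate chain verification.` Since the initializer appears to run per Context instance, it is also worth noting in the comment that changing the mapping on one Context does not affect others. The lambda tests membership by object identity against the multiset, which works for the module-level `Crypto.MD2`/`Crypto.MD5`/`Crypto.SHA1` objects but would not match a separately instantiated hash object; I would record that assumption next to the multiset, e.g. `// identity match against the Crypto.* module objects — confirm get_algorithms() returns those`.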
-- 
GitLab