author | Eduardo Chappa <chappa@washington.edu> | 2016-11-21 15:27:17 -0700 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2016-11-21 15:27:17 -0700 |
commit | f2111e1cf184a4c32b97542470294ebf47e6caea (patch) | |
tree | ca77ea7bfbd0ac676f375fb32c93cb38297d05b3 | |
parent | 608be97a394100c9af90f404ea0fe51b0f378eac (diff) | |
download | alpine-f2111e1cf184a4c32b97542470294ebf47e6caea.tar.xz |
* SMIME: Change the default signature digest from sha1 to sha-256,
since clients such as Thunderbird do not validate signatures that use
sha1 digest.
-rw-r--r-- | doc/tech-notes/tech-notes.txt | 102 | ||||
-rw-r--r-- | pith/pine.hlp | 5 | ||||
-rw-r--r-- | pith/smime.c | 15 |
3 files changed, 117 insertions, 5 deletions
diff --git a/doc/tech-notes/tech-notes.txt b/doc/tech-notes/tech-notes.txt
index 1cd14179..9e561925 100644
--- a/doc/tech-notes/tech-notes.txt
+++ b/doc/tech-notes/tech-notes.txt
@@ -1,4 +1,106 @@ + Alpine Technical Notes + + Version 2.20.17, October 2016 + +Table of Contents + + Introduction + + * Design Goals + * Alpine Components + + Background Details + + * Domain Names + * RFC 2822 Compliance + * SMTP and Sendmail + * Internet Message Access Protocol (IMAP) + * Multipurpose Internet Mail Extensions (MIME) + * Folder Collections + + Building and Installation + + * Compile-time Options + * Including LDAP Functionality + * Including Kerberos 5 Functionality + * Other Alpine Compile-time Options + * IMAPd Compile-time Options + * Building the Alpine Programs + * Installing Alpine and Pico on UNIX Platforms + * Installing PC-Alpine + * Installing IMAPd + * Support Files and Environment Variables: UNIX Alpine + * Support Files, Environment Variables, and Registry Values: + PC-Alpine + + Command Line Arguments + + * Alpine + * Pico + * Pilot + + Configuration and Preferences + + * Alpine Configuration + * General Configuration Variables + * Configuration Features + * Hidden Config Variables and Features + * Retired Variables + * Tokens for Index and Replying + * Conditional Inclusion of Text for Reply-Leadin, Signatures, and + Templates + * Per Server Directory Configuration + * Color Configuration + * Index Line Color Configuration + * Role Configuration + * Filtering Configuration + * Scoring Configuration + * Other Rules Configuration + * Search Rules Configuration + * Patterns + * Configuring News + Configuration Notes + + Alpine in Function Key Mode + + Domain Settings + + Syntax for Collections + + Syntax for Folder Names + + Server Name Syntax + + Folder Namespaces + + What is a Mail Drop? 
+ + Sorting a Folder + + Alternate Editor + + Signatures and Signature Placement + + Feature List Variable + + Configuration Inheritance + + Using Environment Variables + + SMTP Servers + + MIME.Types file + + Color Details + + S/MIME Overview + + Additional Notes on PC-Alpine + + Behind the Scenes + + * Address Books + * Remote Configuration + * Checkpointing + * Debug Files + * INBOX and Special Folders + * Internal Help Files + * International Character Sets + * Interrupted and Postponed Messages + * Message Status + * MIME: Reading a Message + * MIME: Sending a Message + * New Mail Notification + * NFS + * Printers and Printing + * Save and Export + * Sent Mail + * Spell Checker + * Terminal Emulation and Key Mapping + Introduction Design Goals diff --git a/pith/pine.hlp b/pith/pine.hlp index 506cd2f3..d7e94ed1 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 181 2016-11-18 23:17:58 +Alpine Commit 182 2016-11-21 15:27:11 ============= h_news ================= <HTML> <HEAD> @@ -213,6 +213,9 @@ Additions include: that allows users to ignore errors in the computation of the size of a message from defective servers. + <LI> SMIME: Upgrade the default signature digest from sha1 to sha-256, since + clients such as Thunderbird do not validate signatures that use sha1 digest. + <LI> Add the configuration variable "default-directories", which is called <A href="h_config_history"><!--#echo var="VAR_default-directories"--></A> variable saves a list of directories that are readily accessible diff --git a/pith/smime.c b/pith/smime.c index 43e7375b..76fbdc91 100644 --- a/pith/smime.c +++ b/pith/smime.c 
@@ -3661,6 +3661,7 @@ sign_outgoing_message(METAENV *header, BODY **bodyP, int dont_detach, BODY **bp)
 PKCS7 *p7 = NULL;
 PKCS7 *p7_2 = NULL;
 STACK_OF(X509) *chain;
+ const EVP_MD *md = EVP_sha256(); /* use this digest instead of sha1 */
 int result = 0, error;
 int flags = dont_detach ? 0 : PKCS7_DETACHED;
 int level;
@@ -3701,7 +3702,10 @@ sign_outgoing_message(METAENV *header, BODY **bodyP, int dont_detach, BODY **bp)
 in = body_to_bio(body);
- p7 = PKCS7_sign(pcert->cert, pcert->key, chain, in, flags);
+ flags |= PKCS7_PARTIAL;
+ if((p7 = PKCS7_sign(NULL, NULL, chain, in, flags)) != NULL
+ && PKCS7_sign_add_signer(p7, pcert->cert, pcert->key, md, flags))
+ PKCS7_final(p7, in, flags);
 if(bp && *bp){
 int i, save_encoding;
@@ -3722,8 +3726,11 @@ sign_outgoing_message(METAENV *header, BODY **bodyP, int dont_detach, BODY **bp)
 }
 }
- if(bp && *bp)
- p7_2 = PKCS7_sign(pcert->cert, pcert->key, chain, in_2, flags);
+ if(bp && *bp){
+ if((p7_2 = PKCS7_sign(NULL, NULL, chain, in_2, flags)) != NULL
+ && PKCS7_sign_add_signer(p7_2, pcert->cert, pcert->key, md, flags))
+ PKCS7_final(p7_2, in_2, flags);
+ }
 if(F_OFF(F_REMEMBER_SMIME_PASSPHRASE,ps_global))
 forget_private_keys();
@@ -3786,7 +3793,7 @@ sign_outgoing_message(METAENV *header, BODY **bodyP, int dont_detach, BODY **bp)
 newBody->encoding = ENC7BIT;
 set_parameter(&newBody->parameter, "protocol", "application/pkcs7-signature");
- set_parameter(&newBody->parameter, "micalg", "sha1");
+ set_parameter(&newBody->parameter, "micalg", "sha-256");
 p1 = mail_newbody_part();
 p2 = mail_newbody_part(); |
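Review bot: In the second hunk's new signing sequence for `p7` (and the same sequence for `p7_2` in the third hunk), a failure of `PKCS7_sign_add_signer` or `PKCS7_final` leaves a non-NULL but unfinished PKCS7 structure, and the result of `PKCS7_final` is discarded. The code that consumes `p7` is outside these hunks, so this is inferred, but if it still tests only for NULL, as the old single `PKCS7_sign` call allowed, a message could be sent with an incomplete signature instead of reporting an error. Treat the three calls as one operation and free and NULL the pointer when any step fails, as sketched below for `p7`; `p7_2` needs the same handling. The body of sign_outgoing_message starts and ends outside the hunks.

```c
flags |= PKCS7_PARTIAL;
if((p7 = PKCS7_sign(NULL, NULL, chain, in, flags)) != NULL
   && (PKCS7_sign_add_signer(p7, pcert->cert, pcert->key, md, flags) == NULL
       || !PKCS7_final(p7, in, flags))){
    PKCS7_free(p7);	/* discard the half-built structure so a NULL check catches the failure */
    p7 = NULL;
}
/* … unchanged: second body handling; apply the same pattern to p7_2 / in_2 … */
```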
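Review bot: The `micalg` string in the last hunk is a second hard-coded copy of the digest chosen by `md = EVP_sha256()` in the first hunk, and nothing in the code ties the two together. If one is changed without the other, the multipart/signed header would advertise a different digest than the signature actually uses, which receiving clients may treat as a verification failure. A comment on the `set_parameter` line such as `/* must name the same digest as md above */` would record the dependency; deriving the string from `md` would remove it.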