authorEduardo Chappa <chappa@washington.edu>2016-11-21 15:27:17 -0700
committerEduardo Chappa <chappa@washington.edu>2016-11-21 15:27:17 -0700
commitf2111e1cf184a4c32b97542470294ebf47e6caea (patch)
treeca77ea7bfbd0ac676f375fb32c93cb38297d05b3
parent608be97a394100c9af90f404ea0fe51b0f378eac (diff)
* SMIME: Change the default signature digest from sha1 to sha-256,
since clients such as Thunderbird do not validate signatures that use sha1 digest.
-rw-r--r--doc/tech-notes/tech-notes.txt102
-rw-r--r--pith/pine.hlp5
-rw-r--r--pith/smime.c15
3 files changed, 117 insertions, 5 deletions
diff --git a/doc/tech-notes/tech-notes.txt b/doc/tech-notes/tech-notes.txt
index 1cd14179..9e561925 100644
--- a/doc/tech-notes/tech-notes.txt
+++ b/doc/tech-notes/tech-notes.txt
@@ -1,4 +1,106 @@
+ Alpine Technical Notes
+
+ Version 2.20.17, October 2016
+
+Table of Contents
+
+ Introduction
+
+ * Design Goals
+ * Alpine Components
+
+ Background Details
+
+ * Domain Names
+ * RFC 2822 Compliance
+ * SMTP and Sendmail
+ * Internet Message Access Protocol (IMAP)
+ * Multipurpose Internet Mail Extensions (MIME)
+ * Folder Collections
+
+ Building and Installation
+
+ * Compile-time Options
+ * Including LDAP Functionality
+ * Including Kerberos 5 Functionality
+ * Other Alpine Compile-time Options
+ * IMAPd Compile-time Options
+ * Building the Alpine Programs
+ * Installing Alpine and Pico on UNIX Platforms
+ * Installing PC-Alpine
+ * Installing IMAPd
+ * Support Files and Environment Variables: UNIX Alpine
+ * Support Files, Environment Variables, and Registry Values:
+ PC-Alpine
+
+ Command Line Arguments
+
+ * Alpine
+ * Pico
+ * Pilot
+
+ Configuration and Preferences
+
+ * Alpine Configuration
+ * General Configuration Variables
+ * Configuration Features
+ * Hidden Config Variables and Features
+ * Retired Variables
+ * Tokens for Index and Replying
+ * Conditional Inclusion of Text for Reply-Leadin, Signatures, and
+ Templates
+ * Per Server Directory Configuration
+ * Color Configuration
+ * Index Line Color Configuration
+ * Role Configuration
+ * Filtering Configuration
+ * Scoring Configuration
+ * Other Rules Configuration
+ * Search Rules Configuration
+ * Patterns
+ * Configuring News
+ Configuration Notes
+ + Alpine in Function Key Mode
+ + Domain Settings
+ + Syntax for Collections
+ + Syntax for Folder Names
+ + Server Name Syntax
+ + Folder Namespaces
+ + What is a Mail Drop?
+ + Sorting a Folder
+ + Alternate Editor
+ + Signatures and Signature Placement
+ + Feature List Variable
+ + Configuration Inheritance
+ + Using Environment Variables
+ + SMTP Servers
+ + MIME.Types file
+ + Color Details
+ + S/MIME Overview
+ + Additional Notes on PC-Alpine
+
+ Behind the Scenes
+
+ * Address Books
+ * Remote Configuration
+ * Checkpointing
+ * Debug Files
+ * INBOX and Special Folders
+ * Internal Help Files
+ * International Character Sets
+ * Interrupted and Postponed Messages
+ * Message Status
+ * MIME: Reading a Message
+ * MIME: Sending a Message
+ * New Mail Notification
+ * NFS
+ * Printers and Printing
+ * Save and Export
+ * Sent Mail
+ * Spell Checker
+ * Terminal Emulation and Key Mapping
+
Introduction
Design Goals
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 506cd2f3..d7e94ed1 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
reasonable place to be called from.
Dummy change to get revision in pine.hlp
============= h_revision =================
-Alpine Commit 181 2016-11-18 23:17:58
+Alpine Commit 182 2016-11-21 15:27:11
============= h_news =================
<HTML>
<HEAD>
@@ -213,6 +213,9 @@ Additions include:
that allows users to ignore errors in the computation of the size
of a message from defective servers.
+ <LI> SMIME: Upgrade the default signature digest from sha1 to sha-256, since
+ clients such as Thunderbird do not validate signatures that use sha1 digest.
+
<LI> Add the configuration variable "default-directories", which is called
<A href="h_config_history"><!--#echo var="VAR_default-directories"--></A>
variable saves a list of directories that are readily accessible
diff --git a/pith/smime.c b/pith/smime.c
index 43e7375b..76fbdc91 100644
--- a/pith/smime.c
+++ b/pith/smime.c
@@ -3661,6 +3661,7 @@ sign_outgoing_message(METAENV *header, BODY **bodyP, int dont_detach, BODY **bp)
PKCS7 *p7 = NULL;
PKCS7 *p7_2 = NULL;
STACK_OF(X509) *chain;
+ const EVP_MD *md = EVP_sha256(); /* use this digest instead of sha1 */
int result = 0, error;
int flags = dont_detach ? 0 : PKCS7_DETACHED;
int level;
@@ -3701,7 +3702,10 @@ sign_outgoing_message(METAENV *header, BODY **bodyP, int dont_detach, BODY **bp)
in = body_to_bio(body);
- p7 = PKCS7_sign(pcert->cert, pcert->key, chain, in, flags);
+ flags |= PKCS7_PARTIAL;
+ if((p7 = PKCS7_sign(NULL, NULL, chain, in, flags)) != NULL
+ && PKCS7_sign_add_signer(p7, pcert->cert, pcert->key, md, flags))
+ PKCS7_final(p7, in, flags);
if(bp && *bp){
int i, save_encoding;
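Review bot: The results of `PKCS7_sign_add_signer()` and `PKCS7_final()` are never acted on in the added `if`, so when either fails `p7` stays non-NULL while holding no completed signature. Any later check that only tests `p7` for NULL (that code is outside this hunk) would then treat the message as signed; on failure the structure should be freed and `p7` reset to NULL so the existing error path runs. The `p7_2` block in the next hunk has the same gap and needs the same treatment. `flags` also keeps `PKCS7_PARTIAL` for the rest of the function, which should be confirmed against later uses of `flags` that are not visible here. The body of sign_outgoing_message starts and ends outside the hunk.

```c
    flags |= PKCS7_PARTIAL;
    p7 = PKCS7_sign(NULL, NULL, chain, in, flags);
    if(p7 != NULL
       && (PKCS7_sign_add_signer(p7, pcert->cert, pcert->key, md, flags) == NULL
	   || !PKCS7_final(p7, in, flags))){
	/* signer could not be added or the digest/signature was not finalized */
	PKCS7_free(p7);
	p7 = NULL;
    }
    /* … unchanged: if(bp && *bp){ … second body handling … */
```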
@@ -3722,8 +3726,11 @@ sign_outgoing_message(METAENV *header, BODY **bodyP, int dont_detach, BODY **bp)
}
}
- if(bp && *bp)
- p7_2 = PKCS7_sign(pcert->cert, pcert->key, chain, in_2, flags);
+ if(bp && *bp){
+ if((p7_2 = PKCS7_sign(NULL, NULL, chain, in_2, flags)) != NULL
+ && PKCS7_sign_add_signer(p7_2, pcert->cert, pcert->key, md, flags))
+ PKCS7_final(p7_2, in_2, flags);
+ }
if(F_OFF(F_REMEMBER_SMIME_PASSPHRASE,ps_global))
forget_private_keys();
@@ -3786,7 +3793,7 @@ sign_outgoing_message(METAENV *header, BODY **bodyP, int dont_detach, BODY **bp)
newBody->encoding = ENC7BIT;
set_parameter(&newBody->parameter, "protocol", "application/pkcs7-signature");
- set_parameter(&newBody->parameter, "micalg", "sha1");
+ set_parameter(&newBody->parameter, "micalg", "sha-256");
p1 = mail_newbody_part();
p2 = mail_newbody_part();
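Review bot: The `micalg` value on the changed `set_parameter` line is a second, independent copy of the digest choice made by `md = EVP_sha256()` at the top of the function, so the two can drift apart if `md` is changed later. A multipart/signed header that declares a different digest than the one actually used in the signature can make receiving clients fail verification of the detached signature. At minimum tie the two together with a comment on this line, for example `/* must match md above: "sha-256" is the RFC 5751 micalg name for EVP_sha256() */`, and put a matching remark next to the `md` declaration. The function body continues outside the hunk.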