From: Zdenek Dohnal
Date: Fri, 19 Nov 2021 11:23:08 +0000 (+0100)
Subject: cups/http-support.c: Apply DigestOptions to RFC 2069 support
X-Git-Tag: v2.4.0~8^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F287%2Fhead;p=thirdparty%2Fcups.git

cups/http-support.c: Apply DigestOptions to RFC 2069 support

Earlier we applied DigestOptions only for devices which implement RFC 2617 or RFC 7616, this commit applies it even for RFC 2069 support. This issue came up during CentOS Stream/RHEL 9 development, where MD5 digest is marked as insecure for authentication/authorization, so it should be turned off in default configurations to prevent security issues.
---

diff --git a/cups/http-support.c b/cups/http-support.c
index 209235ee6a..3d1208789f 100644
--- a/cups/http-support.c
+++ b/cups/http-support.c
@@ -1430,6 +1430,12 @@ _httpSetDigestAuthString(
 * Use old RFC 2069 Digest method...
 */
 
+ if (cg->digestoptions == _CUPS_DIGESTOPTIONS_DENYMD5)
+ {
+ DEBUG_puts("3_httpSetDigestAuthString: MD5 Digest is disabled.");
+ return (0);
+ }
+
 /* H(A1) = H(username:realm:password) */
 snprintf(temp, sizeof(temp), "%s:%s:%s", username, http->realm, password);
 hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
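Review bot: The new DenyMD5 early return in the RFC 2069 branch reports the refusal only through `DEBUG_puts`, so in a non-debug build the caller just sees `0` with no indication that policy, rather than bad credentials, blocked authentication. Consider surfacing the reason through whatever error path the callers already use (not visible in this hunk), and add a why-comment above the check such as `/* RFC 2069 Digest is MD5-only, so DenyMD5 leaves no usable algorithm here */`. The guard sits before the H(A1) computation, so no MD5 hash is derived from the password once the option is set. `_httpSetDigestAuthString` begins and ends outside the hunk, so it is worth confirming that nothing set earlier in the function (nonce, algorithm, a previous auth string) is left in a state a caller could still send after this return.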