From e56b1a082b166acabc694202ae3ed1b02b6f4081 Mon Sep 17 00:00:00 2001
From: Dominique Fuchs <32204802+DominiqueFuchs@users.noreply.github.com>
Date: Tue, 3 Sep 2019 10:56:47 +0200
Subject: [PATCH 1/2] Updated .gitignore to integrate unwanted files when
 working with VSC or VS2019

Signed-off-by: Dominique Fuchs <32204802+DominiqueFuchs@users.noreply.github.com>
---
 .gitignore | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.gitignore b/.gitignore
index b16e70a676..27472ed920 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,9 +15,18 @@ cscope.*
 tags
 t1.cfg
 
+## Ignore Visual Studio Code config & environment files
+
+.vs/
+.vscode/
+
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
 
+# CMake integration on VS2019+
+
+CMakeSettings.json
+
 # User-specific files
 *.suo
 *.user

From 3e6422a88993ff71abc1cffa89ff3c22ae841374 Mon Sep 17 00:00:00 2001
From: Martin Sucha <git@mm.ms47.eu>
Date: Sun, 1 Sep 2019 11:11:59 +0200
Subject: [PATCH 2/2] Use newer digest algorithms in TLS error dialog

MD5 has been broken for a long time now and SHA1 has been
deprecated as well. SHA1 is not used when issuing new
publicly trusted certificates since 1 January 2016[1] and
there are more and more effective attacks[2][3] against it,
so display SHA1 fingerprint only for old certificates
to encourage use of safer digests by users.

So, we display SHA-256 and SHA-512 fingerprints instead in
the common case.

[1] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.6.5.pdf
[2] https://shattered.io/static/shattered.pdf
[3] https://eprint.iacr.org/2019/459.pdf

Signed-off-by: Martin Sucha <git@mm.ms47.eu>
---
 src/gui/sslerrordialog.cpp | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/gui/sslerrordialog.cpp b/src/gui/sslerrordialog.cpp
index 8b6350efa7..814a7b0af0 100644
--- a/src/gui/sslerrordialog.cpp
+++ b/src/gui/sslerrordialog.cpp
@@ -184,10 +184,15 @@ QString SslErrorDialog::certDiv(QSslCertificate cert) const
 
     msg += QL("<p>");
 
-    QString md5sum = Utility::formatFingerprint(cert.digest(QCryptographicHash::Md5).toHex());
-    QString sha1sum = Utility::formatFingerprint(cert.digest(QCryptographicHash::Sha1).toHex());
-    msg += tr("Fingerprint (MD5): <tt>%1</tt>").arg(md5sum) + QL("<br/>");
-    msg += tr("Fingerprint (SHA1): <tt>%1</tt>").arg(sha1sum) + QL("<br/>");
+    if (cert.effectiveDate() < QDateTime(QDate(2016, 1, 1), QTime(), Qt::UTC)) {
+	QString sha1sum = Utility::formatFingerprint(cert.digest(QCryptographicHash::Sha1).toHex());
+        msg += tr("Fingerprint (SHA1): <tt>%1</tt>").arg(sha1sum) + QL("<br/>");
+    }
+
+    QString sha256sum = Utility::formatFingerprint(cert.digest(QCryptographicHash::Sha256).toHex());
+    QString sha512sum = Utility::formatFingerprint(cert.digest(QCryptographicHash::Sha512).toHex());
+    msg += tr("Fingerprint (SHA-256): <tt>%1</tt>").arg(sha256sum) + QL("<br/>");
+    msg += tr("Fingerprint (SHA-512): <tt>%1</tt>").arg(sha512sum) + QL("<br/>");
     msg += QL("<br/>");
     msg += tr("Effective Date: %1").arg(cert.effectiveDate().toString()) + QL("<br/>");
     msg += tr("Expiration Date: %1").arg(cert.expiryDate().toString()) + QL("</p>");