summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--includes/lib/account.php38
-rw-r--r--pages/account/10.php7
-rw-r--r--pages/account/16.php7
-rw-r--r--pages/account/20.php7
-rw-r--r--pages/account/3.php7
5 files changed, 36 insertions, 30 deletions
diff --git a/includes/lib/account.php b/includes/lib/account.php
index 0a8602a..6bc2c1e 100644
--- a/includes/lib/account.php
+++ b/includes/lib/account.php
@@ -103,31 +103,33 @@ function fix_assurer_flag($userID = NULL)
*/
class HashAlgorithms {
/**
- * List of identifiers of supported hash algorithms for signing certificates
- * @var array(string)
- */
- public static $list = array(
- "sha256",
- "sha384",
- "sha512",
- );
-
- /**
* Default hash algorithm identifier for signing
* @var string
*/
- public static $default = "sha256";
+ public static $default = 'sha256';
/**
* Get display strings for the supported hash algorithms
- * @return array(string=>string) hash_identifier => display_string
+ * @return array(string=>array('name'=>string, 'info'=>string))
+ * - [$hash_identifier]['name'] = Name that should be displayed in UI
+ * - [$hash_identifier]['info'] = Additional information that can help
+ * with the selection of a suitable algorithm
*/
- public static function display_strings() {
+ public static function getInfo() {
return array(
- "sha256" => "SHA256 "._("recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x)."),
- "sha384" => "SHA384",
- "sha512" => "SHA512",
- );
+ 'sha256' => array(
+ 'name' => 'SHA256',
+ 'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'),
+ ),
+ 'sha384' => array(
+ 'name' => 'SHA384',
+ 'info' => '',
+ ),
+ 'sha512' => array(
+ 'name' => 'SHA512',
+ 'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'),
+ ),
+ );
}
/**
@@ -138,7 +140,7 @@ class HashAlgorithms {
* @return string The cleaned identifier
*/
public static function clean($hash_identifier) {
- if (in_array($hash_identifier, self::$list)) {
+ if (array_key_exists($hash_identifier, self::getInfo() )) {
return $hash_identifier;
} else {
return self::$default;
diff --git a/pages/account/10.php b/pages/account/10.php
index df95b48..17999a7 100644
--- a/pages/account/10.php
+++ b/pages/account/10.php
@@ -61,14 +61,15 @@
<p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p>
<ul class="no_indent">
<?
-foreach (HashAlgorithms::display_strings() as $algorithm => $display_string) {
+foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
?>
<li>
<input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
- <label for="hash_alg_<?=$algorithm?>"><?=$display_string?></label>
+ <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label>
</li>
<?
-} ?>
+}
+?>
</ul>
</div>
diff --git a/pages/account/16.php b/pages/account/16.php
index 2a9d734..28aa614 100644
--- a/pages/account/16.php
+++ b/pages/account/16.php
@@ -71,12 +71,13 @@ if (array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_conf
<td class="DataTD" colspan="2" align="left">
<?=_("Hash algorithm used when signing the certificate:")?><br />
<?
- foreach (HashAlgorithms::display_strings() as $algorithm => $display_string) {
+ foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
?>
<input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
- <label for="hash_alg_<?=$algorithm?>"><?=$display_string?></label><br />
+ <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br />
<?
- } ?>
+ }
+ ?>
</td>
</tr>
diff --git a/pages/account/20.php b/pages/account/20.php
index 470b59a..89bbc30 100644
--- a/pages/account/20.php
+++ b/pages/account/20.php
@@ -55,14 +55,15 @@
<p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p>
<ul class="no_indent">
<?
-foreach (HashAlgorithms::display_strings() as $algorithm => $display_string) {
+foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
?>
<li>
<input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
- <label for="hash_alg_<?=$algorithm?>"><?=$display_string?></label>
+ <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label>
</li>
<?
-} ?>
+}
+?>
</ul>
</div>
diff --git a/pages/account/3.php b/pages/account/3.php
index 8c386cd..cd62ce0 100644
--- a/pages/account/3.php
+++ b/pages/account/3.php
@@ -119,12 +119,13 @@ if($_SESSION['profile']['points'] >= 50)
<td class="DataTD" colspan="2" align="left">
<?=_("Hash algorithm used when signing the certificate:")?><br />
<?
- foreach (HashAlgorithms::display_strings() as $algorithm => $display_string) {
+ foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
?>
<input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
- <label for="hash_alg_<?=$algorithm?>"><?=$display_string?></label><br />
+ <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br />
<?
- } ?>
+ }
+ ?>
</td>
</tr>