[28332] in CVS-changelog-for-Kerberos-V5
krb5 commit: Use case insensitive DNS SAN matching in PKINIT
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon May 19 13:46:08 2014
Date: Mon, 19 May 2014 13:46:04 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201405191746.s4JHk4dF007851@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/6a77d5e7c8602458e482278195c31cb7a2261232
commit 6a77d5e7c8602458e482278195c31cb7a2261232
Author: Tomas Kuthan <tkuthan@gmail.com>
Date: Mon May 19 11:37:07 2014 +0200
Use case insensitive DNS SAN matching in PKINIT
Matching Subject Alternative Name from certificate with
pkinit_kdc_hostname value from krb5.conf should disregard case.
ticket: 7913 (new)
src/plugins/preauth/pkinit/pkinit_clnt.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index 2a00370..55b3881 100644
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -570,7 +570,7 @@ verify_kdc_san(krb5_context context,
for (j = 0; cfghosts != NULL && cfghosts[j] != NULL; j++) {
pkiDebug("%s: comparing cert name '%s' with config name '%s'\n",
__FUNCTION__, certhosts[i], cfghosts[j]);
- if (strcmp(certhosts[i], cfghosts[j]) == 0) {
+ if (strcasecmp(certhosts[i], cfghosts[j]) == 0) {
TRACE_PKINIT_CLIENT_SAN_MATCH_DNSNAME(context, certhosts[i]);
pkiDebug("%s: we have a dnsName match\n", __FUNCTION__);
*valid_san = 1;
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
