diff options
| author | Tomas Kuthan <tkuthan@gmail.com> | 2014-05-19 11:37:07 +0200 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2014-05-19 13:45:15 -0400 |
| commit | 6a77d5e7c8602458e482278195c31cb7a2261232 (patch) | |
| tree | e0e8eb122c32c54fe790b720cf10e3fca6ae30f2 /src | |
| parent | dab1c234e15afdc64dfe776bdbc65bbc17d07e12 (diff) | |
| download | krb5-6a77d5e7c8602458e482278195c31cb7a2261232.tar.gz krb5-6a77d5e7c8602458e482278195c31cb7a2261232.tar.xz krb5-6a77d5e7c8602458e482278195c31cb7a2261232.zip | |
Use case insensitive DNS SAN matching in PKINIT
Matching Subject Alternative Name from certificate with
pkinit_kdc_hostname value from krb5.conf should disregard case.
ticket: 7913 (new)
Diffstat (limited to 'src')
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_clnt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c index 2a003700b..55b38811f 100644 --- a/src/plugins/preauth/pkinit/pkinit_clnt.c +++ b/src/plugins/preauth/pkinit/pkinit_clnt.c @@ -570,7 +570,7 @@ verify_kdc_san(krb5_context context, for (j = 0; cfghosts != NULL && cfghosts[j] != NULL; j++) { pkiDebug("%s: comparing cert name '%s' with config name '%s'\n", __FUNCTION__, certhosts[i], cfghosts[j]); - if (strcmp(certhosts[i], cfghosts[j]) == 0) { + if (strcasecmp(certhosts[i], cfghosts[j]) == 0) { TRACE_PKINIT_CLIENT_SAN_MATCH_DNSNAME(context, certhosts[i]); pkiDebug("%s: we have a dnsName match\n", __FUNCTION__); *valid_san = 1; |