Use case insensitive DNS SAN matching in PKINIT

Matching Subject Alternative Name from certificate with
pkinit_kdc_hostname value from krb5.conf should disregard case.

ticket: 7913 (new)

diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index 2a003700b42c4f4c1fadb152df980d2a97ccd3cb..55b38811f757d1ff99ebc092b031f8db5611777d 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -570,7 +570,7 @@ verify_kdc_san(krb5_context context,
         for (j = 0; cfghosts != NULL && cfghosts[j] != NULL; j++) {
             pkiDebug("%s: comparing cert name '%s' with config name '%s'\n",
                      __FUNCTION__, certhosts[i], cfghosts[j]);
-            if (strcmp(certhosts[i], cfghosts[j]) == 0) {
+            if (strcasecmp(certhosts[i], cfghosts[j]) == 0) {
                 TRACE_PKINIT_CLIENT_SAN_MATCH_DNSNAME(context, certhosts[i]);
                 pkiDebug("%s: we have a dnsName match\n", __FUNCTION__);
                 *valid_san = 1;