diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-03-29 14:21:59 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-10-12 10:30:37 +0200 |
commit | 4a11812d9c47213fe1d06bb7b8136901a6b26674 (patch) | |
tree | f242c8af22873ad9974f1a4eb46061c031bda86b /lib/x509 | |
parent | 679f3f23fb6132051f855c836aefb6aac2e62881 (diff) | |
download | gnutls-4a11812d9c47213fe1d06bb7b8136901a6b26674.tar.gz |
pkcs11 uris: the URI scheme is case insensitivetmp-uris
Makes the comparisons of the URI scheme to use c_strcasecmp
from gnulib. It also replaces various straw strcasecmp with
the gnulib variant. This ensures that comparison will be
reliable irrespective of the locale.
Resolves #590
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/x509')
-rw-r--r-- | lib/x509/common.c | 3 | ||||
-rw-r--r-- | lib/x509/verify-high2.c | 6 |
2 files changed, 6 insertions, 3 deletions
diff --git a/lib/x509/common.c b/lib/x509/common.c index 4a3e8376f7..b0ee8b80cc 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -30,6 +30,7 @@ #include <x509.h> #include <num.h> #include <x509_b64.h> +#include <c-strcase.h> #include "x509_int.h" #include "extras/hex.h" #include <common.h> @@ -164,7 +165,7 @@ const char *_gnutls_ldap_string_to_oid(const char *str, unsigned str_len) do { if ((_oid2str[i].ldap_desc != NULL) && (str_len == _oid2str[i].ldap_desc_size) && - (strncasecmp(_oid2str[i].ldap_desc, str, str_len) == + (c_strncasecmp(_oid2str[i].ldap_desc, str, str_len) == 0)) return _oid2str[i].oid; i++; diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c index 8ba2f2a3ee..f4a580bb05 100644 --- a/lib/x509/verify-high2.c +++ b/lib/x509/verify-high2.c @@ -28,12 +28,14 @@ #include <num.h> #include <tls-sig.h> #include <str.h> +#include <c-strcase.h> #include <datum.h> #include "x509_int.h" #include <common.h> #include "verify-high.h" #include "read-file.h" #include <pkcs11_int.h> +#include "urls.h" #include <dirent.h> @@ -325,7 +327,7 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list, if (ca_file != NULL) { #ifdef ENABLE_PKCS11 - if (strncmp(ca_file, "pkcs11:", 7) == 0) { + if (c_strncasecmp(ca_file, PKCS11_URL, PKCS11_URL_SIZE) == 0) { unsigned pcrt_list_size = 0; /* in case of a token URL import it as a PKCS #11 token, @@ -497,7 +499,7 @@ gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list, int ret; #ifdef ENABLE_PKCS11 - if (strncmp(ca_file, "pkcs11:", 7) == 0) { + if (c_strncasecmp(ca_file, PKCS11_URL, PKCS11_URL_SIZE) == 0) { if (is_pkcs11_url_object(ca_file) != 0) { return remove_pkcs11_object_url(list, ca_file); } else { /* token */ |