From 3ca3e1c3db754a6eac3e02fbfc639c20e12a5cf4 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Fri, 6 Apr 2018 17:22:44 +0200
Subject: [PATCH] Fix PKCS#11 URI detection to be case insensitive

The RFC 7512 defines the URI scheme "pkcs11". As defined in RFC 3986,
URI schemes are case-insensitive, although the canonical form must be
written in lowercase. The RFC 4395 requires URI schemes names to be
registered using lowecase letters.
---
 lib/vtls/openssl.c  | 2 +-
 src/tool_getparam.c | 2 +-
 src/tool_operate.c  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 0a6b9f46f9c278..5f16dbd95440d6 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -538,7 +538,7 @@ static int ssl_ui_writer(UI *ui, UI_STRING *uis)
  */
 static bool is_pkcs11_uri(const char *string)
 {
-  if(!strncmp(string, "pkcs11:", 7)) {
+  if(strncasecompare(string, "pkcs11:", 7)) {
     return TRUE;
   }
   else {
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index c6b1a0d6f5adea..cf6a3f052768d9 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -337,7 +337,7 @@ void parse_cert_parameter(const char *cert_parameter,
    * looks like a RFC7512 PKCS#11 URI which can be used as-is.
    * Also if cert_parameter contains no colon nor backslash, this
    * means no passphrase was given and no characters escaped */
-  if(!strncmp(cert_parameter, "pkcs11:", 7) ||
+  if(!curl_strnequal(cert_parameter, "pkcs11:", 7) ||
      !strpbrk(cert_parameter, ":\\")) {
     *certname = strdup(cert_parameter);
     return;
diff --git a/src/tool_operate.c b/src/tool_operate.c
index ef50bcd9ab7683..fa44c70d8d473c 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -118,7 +118,7 @@ static bool is_fatal_error(CURLcode code)
  */
 static bool is_pkcs11_uri(const char *string)
 {
-  if(!strncmp(string, "pkcs11:", 7)) {
+  if(curl_strnequal(string, "pkcs11:", 7)) {
     return TRUE;
   }
   else {