Automatically tolower DNS names

DNS is case insensitive and forcing the DNS name to lowercase means we don't have to tolower while comparing name constraints.
randombit · May 10, 2024 · e1b73b0 · e1b73b0
1 parent 0b70811
commit e1b73b0
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/src/lib/x509/alt_name.cpp b/src/lib/x509/alt_name.cpp
@@ -27,7 +27,7 @@ void AlternativeName::add_email(std::string_view addr) {
 
 void AlternativeName::add_dns(std::string_view dns) {
    if(!dns.empty()) {
-      m_dns.insert(std::string(dns));
+      m_dns.insert(tolower_string(dns));
    }
 }
 

diff --git a/src/lib/x509/name_constraint.cpp b/src/lib/x509/name_constraint.cpp
@@ -173,9 +173,9 @@ GeneralName::MatchResult GeneralName::matches(const X509_Certificate& cert) cons
 
 //static
 bool GeneralName::matches_dns(const std::string& name, const std::string& constraint) {
-   // constraint is assumed already tolower
+   // both constraint and name are assumed already tolower
    if(name.size() == constraint.size()) {
-      return tolower_string(name) == constraint;
+      return name == constraint;
    } else if(constraint.size() > name.size()) {
       // The constraint is longer than the issued name: not possibly a match
       return false;
@@ -185,7 +185,7 @@ bool GeneralName::matches_dns(const std::string& name, const std::string& constr
       const std::string constr = constraint.front() == '.' ? constraint : "." + constraint;
       BOTAN_ASSERT_NOMSG(name.size() >= constr.size());
       const std::string substr = name.substr(name.size() - constr.size(), constr.size());
-      return tolower_string(substr) == constr;
+      return substr == constr;
    }
 }