Signing: certificate fingerprint comparisons should be case-insensitive #13198
Labels
Area:Settings
NuGet.Config and related issues
Functionality:Signing
Priority:3
Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog.
Type:DCR
Design Change Request
Comments
dtivel
added
Type:DCR
kartheekp-ms
added
Area:Settings
aortiz-msft
added
Priority:3
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
NuGet Product(s) Affected
NuGet.exe, Visual Studio Package Management UI, Visual Studio Package Manager Console, dotnet.exe
Current Behavior
See #13114.
If you hand-edit nuget.config and copy-and-paste in a lower-case certificate fingerprint, the trusted signer feature won't work. Only if the fingerprint is upper case will it work.
Desired Behavior
Certificate fingerprints are commonly represented in hexadecimal, which is case-insensitive. We already perform case-insensitive string comparisons on certificate fingerprints here and here, but not here or critically here. (Note: this is not an exhaustive list of fingerprint comparisons.)
While hand-editing nuget.config, especially for trusted signers, is not recommended, it is frustrating to realize --- because it's undocumented, to the best of my knowledge --- that the fingerprint must be upper case.
Additional Context
No response
The text was updated successfully, but these errors were encountered: