Perform case-insensitive comparison of the Common Name to the GUN in …

…x509 certificate validation Signed-off-by: Stefan Zhelyazkov <stefan.zhelyazkov@gmail.com>
notaryproject · Nov 23, 2021 · 2c99de2 · 2c99de2
1 parent 1062e48
commit 2c99de2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/trustpinning/certs.go b/trustpinning/certs.go
@@ -185,7 +185,7 @@ func MatchCNToGun(commonName string, gun data.GUN) bool {
 		logrus.Debugf("checking gun %s against wildcard prefix %s", gun, prefix)
 		return strings.HasPrefix(gun.String(), prefix)
 	}
-	return commonName == gun.String()
+	return strings.EqualFold(commonName, gun.String())
 }
 
 // validRootLeafCerts returns a list of possibly (if checkExpiry is true) non-expired, non-sha1 certificates