From 4691082c9b0659476e919bd7a8a30ec1b5537a7c Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Thu, 22 Jan 2009 12:11:16 +0000
Subject: case-insensitive check of SSL fingerprints (Daniel Richard G.)

Daniel Richard G. writes:
| I was clearing out an old Fetchmail SVN checkout I had lying around
| here, and came across one small change that I forgot to send in.
|
| In socket.c, there's a bit of code that compares SSL certificate
| fingerprints: [...]
|
| That strcmp() call should be an strcasecmp(). At one point, I
| encountered a certificate where the fingerprint's hex digits were in a
| different case than what was expected, and the connection attempt failed
| because of that.  Not exactly what you'd call a potential MitM attack
| :-)

He's right, we can compare case-insensitively without sacrificing
fetchmail's security, so let's just do that for the sake of ease of use.

svn path=/branches/BRANCH_6-3/; revision=5262
---
 NEWS | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index b026effb..a86d05c0 100644
--- a/NEWS
+++ b/NEWS
@@ -57,6 +57,9 @@ fetchmail 6.3.10 (not yet released):
 * Do not overlap source and destination fields in snprintf() in interface.c.
   Courtesy of Nico Golde, Debian.
 
+# CHANGES
+* Make the comparison of the SSL fingerprints case insensitive, to
+  ease its use. Suggested by Daniel Richard G.
 # TRANSLATION UPDATES AND ADDITIONS (ordered by language name):
 * [it] Italian (Vincenzo Campanella)
 
-- 
cgit v1.2.3