From f76fc34bbf2574661d5eb4de5d213328cb378b97 Mon Sep 17 00:00:00 2001
From: Ian Young <ian@iay.org.uk>
Date: Wed, 12 May 2010 12:54:14 +0000
Subject: [PATCH] Accept CNs containing upper-case characters.  Convert CNs and
 DNS subjectAltNames to lower case so that comparison will be
 case-insensitive.  This reflects the way that the Shibboleth trust engine
 works.

---
 build/check_embedded.pl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/build/check_embedded.pl b/build/check_embedded.pl
index e10bc730..61963e93 100755
--- a/build/check_embedded.pl
+++ b/build/check_embedded.pl
@@ -170,9 +170,9 @@ sub comment {
 				next;
 			}
 			
-			if (/^\s*Subject:\s*.*?CN=([a-z0-9\-\.]+).*$/) {
+			if (/^\s*Subject:\s*.*?CN=([a-zA-Z0-9\-\.]+).*$/) {
 				$subjectCN = $1;
-				$names{$subjectCN}++;
+				$names{lc $subjectCN}++;
 				# print "subjectCN = $subjectCN\n";
 				next;
 			}
@@ -248,7 +248,7 @@ sub comment {
 				#
 				while (@altNames) {
 					my ($type, $altName) = split(":", pop @altNames);
-					$names{$altName}++ if $type eq 'DNS'; 
+					$names{lc $altName}++ if $type eq 'DNS'; 
 				}
 				next;
 			}
@@ -260,7 +260,7 @@ sub comment {
 		#
 		# Check KeyName if one has been supplied.
 		#
-		if ($hasKeyName && !defined($names{$keyname})) {
+		if ($hasKeyName && !defined($names{lc $keyname})) {
 			my $nameList = join ", ", sort keys %names;
 			error("KeyName mismatch: $keyname not in {$nameList}");
 		}