We produce sha256 digest string using %x snprintf()
qualifier for each byte of digest which uses alphabetic
characters from "a" to "f" in lower case to represent
integer values from 10 to 15.
Previously all of the NVD META files supply sha256
digest string for corresponding XML file in lower case.
However due to some reason this changed recently to
provide digest digits in upper case causing fetched
data consistency checks to fail. This prevents database
from being updated periodically.
While commit c4f6e94 (update: Do not treat sha256 failure
as fatal if requested) adds useful option to skip
digest validation at all and thus provides workaround for
this situation, it might be unacceptable for some
deployments where we need to ensure that downloaded
data is consistent before start parsing it and update
SQLite database.
Use strcasecmp() to compare two digest strings case
insensitively and addressing this case.
Coverage remained the same at 61.372% when pulling b0426e63c9ac61657e029f689bcb8dd051e752c6 on popovich-sergei:master into c4f6e945307325d7cab30ba9366571a19364c1ef on ikeydoherty:master.
We produce sha256 digest string using %x snprintf() qualifier for each byte of digest which uses alphabetic characters from "a" to "f" in lower case to represent integer values from 10 to 15.
Previously all of the NVD META files supply sha256 digest string for corresponding XML file in lower case.
However due to some reason this changed recently to provide digest digits in upper case causing fetched data consistency checks to fail. This prevents database from being updated periodically.
While commit c4f6e94 (update: Do not treat sha256 failure as fatal if requested) adds useful option to skip digest validation at all and thus provides workaround for this situation, it might be unacceptable for some deployments where we need to ensure that downloaded data is consistent before start parsing it and update SQLite database.
Use strcasecmp() to compare two digest strings case insensitively and addressing this case.
Signed-off-by: Sergey Popovich popovich_sergei@mail.ua