id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	phpversion	appname	pending	exts	sapi	probability	blocking
184	mod_secdownload MD5 compare should not be case sensitive	sejamich@…	moo	"Sry, for crossposting ...
In mod_secure_download.c you check on line 143 (int is_hex_len) for a 
valid case insensitive MD5. So far so good. Later in 306 there is a 
strncmp (case sensitive compare) to the generated (lower case) MD5. 
Unfortunately we used uppercase MD5, so now we have to use mod_rewrite. An MD5 is a hex string, so it should not matter whether the input is lower or upper case.
So please use strncasecmp or transform the input to lower case.

# tail /var/log/lighttpd/error.log
2008-07-02 13:57:42: (mod_secure_download.c.273) md5 invalid: 
B382E117AFE4B8F68CCF7F53364AD9FC/486B6D31/1395698/caesariv_update_de_10_12.exe 
b382e117afe4b8f68ccf7f53364ad9fc"	defect	closed	major	1.3.0	cacher	1.2.1	invalid						0		Irrelevant		
