Merge pull request #9332 from Icinga/bugfix/compare-cluster-tickets-in-constant-time

Compare cluster tickets in constant time

lib/remote/jsonrpcconnection-pki.cpp

@@ -186,7 +186,7 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
 			<< "Certificate request for CN '" << cn << "': Comparing received ticket '"
 			<< ticket << "' with calculated ticket '" << realTicket << "'.";
 
-		if (ticket != realTicket) {
+		if (!Utility::ComparePasswords(ticket, realTicket)) {
 			Log(LogWarning, "JsonRpcConnection")
 				<< "Ticket '" << ticket << "' for CN '" << cn << "' is invalid.";