Re: [PATCH] fix regex to check CN from server certificate

On Fri, 2018-01-26 at 14:33 -0500, Tiago M. Vieira wrote:
> Currently when the script validates the PKI files and
> the certificate 'Subject:' field contains RDNs after
> the Common Name (CN), these values are also included,
> creating a false result that the CN is not correct.
> 
> A small change to the sed regex fixes this issue, by
> extracting only the value for CN and nothing else. The
> regex is replaced with the exact same regex used to
> extract the CN value from the client certificate.
> ---
>  tools/virt-pki-validate.in | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
> index 206637abf..b04680dde 100755
> --- a/tools/virt-pki-validate.in
> +++ b/tools/virt-pki-validate.in
> @@ -255,7 +255,7 @@ then
>              echo CA organization: $ORG
>              echo Server organization: $S_ORG
>          fi
> -        S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep Subject: | sed 's+.*CN=\([a-zA-Z\. _-]*\)+\1+'`
> +        S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep Subject: | sed 's+.*CN=\(.[a-zA-Z \._-]*\).*+\1+'`
>          if test "$S_HOST" != "`hostname -s`" && test "$S_HOST" != "`hostname`"
>          then
>              echo The server certificate does not seem to match the host name
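
Review bot: the bracket expression in the new pattern, `[a-zA-Z \._-]`, contains no digits, and with the trailing `.*` now discarding the rest of the line, a CN containing a digit (for example host01.example.com) is reduced to `host`, so the `test "$S_HOST" != ...` comparison below reports a mismatch for a correct certificate. Adding `0-9` to the class would cover such host names. The leading `.` inside the group also accepts any first character, and unless it is there deliberately, dropping it would keep the extracted value within the bracket expression.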

ACK and pushed.

Congratulations on your first contribution to libvirt! :)

-- 
Andrea Bolognani / Red Hat / Virtualization

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
