On Tue, Dec 11, 2018 at 10:04:34AM +0100, Kashyap Chamarthy wrote: > On Mon, Dec 10, 2018 at 04:53:27PM +0000, Daniel P. Berrangé wrote: > > The virt-pki-validate tool is extracting components in the x509 > > certificate Subject field. Unfortunately the regex it is is using is far > > too strict, and so truncating valid data. It needs to consider ',' as a > > field separator, and if that's not there take all data until the EOL. > > [...] > > > --- > > tools/virt-pki-validate.in | 8 ++++---- > > 1 file changed, 4 insertions(+), 4 deletions(-) > > > > diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in > > index b04680ddef..c3fadbba64 100755 > > --- a/tools/virt-pki-validate.in > > +++ b/tools/virt-pki-validate.in > > @@ -201,14 +201,14 @@ then > > echo Client certificate $LIBVIRT/clientcert.pem should be world readable > > echo "as root do: chown root:root $LIBVIRT/clientcert.pem ; chmod 644 $LIBVIRT/clientcert.pem" > > else > > - S_ORG=`"$CERTOOL" -i --infile "$LIBVIRT/clientcert.pem" | grep Subject: | sed 's+.*O=\([a-zA-Z \._-]*\).*+\1+'` > > + S_ORG=`"$CERTOOL" -i --infile "$LIBVIRT/clientcert.pem" | grep Subject: | sed 's+.*O=\([^,]*\).*+\1+'` > > Unrelated to this patch, nit-pick: s/S_ORG/C_ORG/ here? Because we use > 'S_ORG' further below in the script for server certificate. Yes, that's a harmless mistake but i'll push a trivial patch to rename it. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
