Fix virt-pki-validate's determination of CN

This patch is a follow-up to:
cb06a9bfe529e64b15773cb86781ae14c09f8216
"portability fixes to tools/virt-pki-validate.in"
addressing Eric Blake's concerns about the regular expression.

Ubuntu's gnutls package generates an Issuer line that looks like this:
        Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@xxxxxxxxxxx
While Red Hat's looks like this:
Issuer: CN=Red Hat Emerging Technologies

Note the leading whitespace, and the additional fields in the former.

This patch updates the regular expression to:
 * trim leading characters before "Issuer:"
 * trim anything between Issuer: and CN=
 * trim anything after the next ,

I've tested this against the certtool output of both RH and Ubuntu generated certs.

I know that Eric dislikes the leading grep. My apologies. I spent more time than I care to admit trying to get sed to select that one line, and then run two regexes against it. Feel free to correct this patch and educate me, if you have a better way. Thanks!

Signed-off-by: Dustin Kirkland <kirkland@xxxxxxxxxxxxx>

diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in index f77521d..c44aa9d 100755 --- a/tools/virt-pki-validate.in +++ b/tools/virt-pki-validate.in @@ -130,7 +130,7 @@ then echo "as root do: chmod 644 $CA/cacert.pem" exit 1 fi -ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'` +ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep "Issuer:" | sed -e 's/^.*Issuer:.*CN=//' -e 's/,.*$//'` if [ "$ORG" = "" ] then echo the CA certificate $CA/cacert.pem does not define the organization
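Review bot: on the new ORG= line, an Issuer that carries no CN= field no longer produces an empty string, so the [ "$ORG" = "" ] check that follows is bypassed. The first sed expression simply does not match, the second still trims at the first comma, and ORG ends up holding the start of the raw line (for example "Issuer: C=US") instead of a name. The old sed -n ... p form printed nothing when there was no match, which is what that check relies on. Keeping -n and p and capturing the value in one expression restores that behaviour and also removes the leading grep: sed -n '/Issuer:/ s/^.*Issuer:.*CN=\([^,]*\).*$/\1/p'. Two smaller points on the same line: ".*CN=" is greedy, so if "CN=" appears more than once in the Issuer the last occurrence is the one used, and a CN value that itself contains a comma is cut at that comma; if either case matters for the certificates this script validates, it deserves a comment next to the expression.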