[libvirt] [PATCH] Fix virt-pki-validate's determination of CN

Fix virt-pki-validate's determination of CN

This patch is a follow-up to:
    cb06a9bfe529e64b15773cb86781ae14c09f8216
    "portability fixes to tools/virt-pki-validate.in"
addressing Eric Blake's concerns about the regular expression.

Ubuntu's gnutls package generates an Issuer line that looks like this:
        Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@xxxxxxxxxxx

While Red Hat's looks like this:
Issuer: CN=Red Hat Emerging Technologies

Note the leading whitespace, and the additional fields in the former.

This patch updates the regular expression to:
 * trim leading characters before "Issuer:"
 * trim anything between Issuer: and CN=
 * trim anything after the next ,

I've tested this against the certool output of both RH and Ubuntu
generated certs.

I know that Eric dislikes the leading grep.  My apologies.  I spent more
time than I care to admit trying to get sed to select that one line, and
then run two regexes against it.  Feel free to correct this patch and
educate me, if you have a better way.  Thanks!

Signed-off-by: Dustin Kirkland <kirkland@xxxxxxxxxxxxx>

diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
index f77521d..c44aa9d 100755
--- a/tools/virt-pki-validate.in
+++ b/tools/virt-pki-validate.in
@@ -130,7 +130,7 @@ then
     echo "as root do: chmod 644 $CA/cacert.pem"
     exit 1
 fi
-ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'`
+ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep "Issuer:" | sed -e 's/^.*Issuer:.*CN=//' -e 's/,.*$//'`
 if [ "$ORG" = "" ]
 then
     echo the CA certificate $CA/cacert.pem does not define the organization
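
Review bot: on the new `ORG=` line, an Issuer line that carries no `CN=` field leaves ORG non-empty. The first sed expression does not match, and the second only cuts at the first comma, so the `[ "$ORG" = "" ]` test that follows will not report the missing organization in that case. The `grep "Issuer:"` also passes every line containing that string, so more than one match would put several lines into ORG. Both can be handled in a single sed call that prints only when the whole pattern matches, which also removes the grep: `sed -n '/Issuer:/ s/^.*Issuer:.*CN=\([^,]*\).*$/\1/p'`. Note that `.*CN=` is greedy and selects the last `CN=` on the line, and that a CN value containing a comma is truncated at it. Quoting `"$CA/cacert.pem"` on this line would also protect against paths with spaces.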


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list