Fix virt-pki-validate's determination of CN
This patch is a follow-up to:
cb06a9bfe529e64b15773cb86781ae14c09f8216
"portability fixes to tools/virt-pki-validate.in"
addressing Eric Blake's concerns about the regular expression.
Ubuntu's gntls package generates an Issuer line that looks like this:
Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@xxxxxxxxxxx
While Red Hat's looks like this
Issuer: CN=Red Hat Emerging Technologies
Note the leading whitespace, and the additional fields in the former.
This patch updates the regular expression to:
* trim leading characters before "Issuer:"
* trim anything between Issuer: and CN=
* trim anything after the next ,
I've tested this against the certool output of both RH and Ubuntu
generated certs.
I know that Eric dislikes the leading grep. My apologies. I spent more
time than I care to admit trying to get sed to select that one line, and
then run two regexes against it. Feel free to correct this patch and
educate me, if you have a better way. Thanks!
Signed-off-by: Dustin Kirkland <kirkland@xxxxxxxxxxxxx>
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
index f77521d..c44aa9d 100755
--- a/tools/virt-pki-validate.in
+++ b/tools/virt-pki-validate.in
@@ -130,7 +130,7 @@ then
echo "as root do: chmod 644 $CA/cacert.pem"
exit 1
fi
-ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'`
+ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep "Issuer:" | sed -e 's/^.*Issuer:.*CN=//' -e 's/,.*$//'`
if [ "$ORG" = "" ]
then
echo the CA certificate $CA/cacert.pem does not define the organization
Attachment:
signature.asc
Description: This is a digitally signed message part
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list