From: Dustin Kirkland <kirkland@xxxxxxxxxxxxx>
Ubuntu's gntls package generates an Issuer line that looks like this:
Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@xxxxxxxxxxx
While Red Hat's looks like this
Issuer: CN=Red Hat Emerging Technologies
Note the leading whitespace, and the additional fields in the former.
This patch updates the regular expression to:
* trim leading characters before "Issuer:"
* trim anything between Issuer: and CN=
* trim anything after the next ,
I've tested this against the certool output of both RH and Ubuntu
generated certs.
Signed-off-by: Dustin Kirkland <kirkland@xxxxxxxxxxxxx>
Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
---
tools/virt-pki-validate.in | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
index f77521d..207fa76 100755
--- a/tools/virt-pki-validate.in
+++ b/tools/virt-pki-validate.in
@@ -130,7 +130,12 @@ then
echo "as root do: chmod 644 $CA/cacert.pem"
exit 1
fi
-ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'`
+sed_get_org='/Issuer:/ {
+ s/.*Issuer:.*CN=//
+ s/,.*//
+ p
+}'
+ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n "$sed_get_org"`
if [ "$ORG" = "" ]
then
echo the CA certificate $CA/cacert.pem does not define the organization
--
1.6.6.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list