diff options
| author |   Dustin Kirkland <kirkland@canonical.com> | 2010-04-29 16:20:50 -0500 |
|---|---|---|
| committer |   Eric Blake <eblake@redhat.com> | 2010-04-29 20:10:46 -0600 |
| commit | c179a0f63c5e21e0e6676611fd2268456fa47efa (patch) | |
| tree | 3b664b6ce3b31c0137bc4b70c13f7341dfacec27 | |
| parent | qemudDomainSaveFlag: remove dead store (diff) | |
| download | libvirt-c179a0f63c5e21e0e6676611fd2268456fa47efa.tar.gz libvirt-c179a0f63c5e21e0e6676611fd2268456fa47efa.tar.bz2 libvirt-c179a0f63c5e21e0e6676611fd2268456fa47efa.zip | |
Fix virt-pki-validate's determination of CN
Ubuntu's gntls package generates an Issuer line that looks like this:
Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@example.com
While Red Hat's looks like this
Issuer: CN=Red Hat Emerging Technologies
Note the leading whitespace, and the additional fields in the former.
This patch updates the regular expression to:
* trim leading characters before "Issuer:"
* trim anything between Issuer: and CN=
* trim anything after the next ,
I've tested this against the certool output of both RH and Ubuntu
generated certs.
Signed-off-by: Dustin Kirkland <kirkland@canonical.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
| -rwxr-xr-x | tools/virt-pki-validate.in | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in index f77521d1d..207fa76c6 100755 --- a/tools/virt-pki-validate.in +++ b/tools/virt-pki-validate.in @@ -130,7 +130,12 @@ then echo "as root do: chmod 644 $CA/cacert.pem" exit 1 fi -ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'` +sed_get_org='/Issuer:/ { + s/.*Issuer:.*CN=// + s/,.*// + p +}' +ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n "$sed_get_org"` if [ "$ORG" = "" ] then echo the CA certificate $CA/cacert.pem does not define the organization |