Fix virt-pki-validate's determination of CN

Ubuntu's gntls package generates an Issuer line that looks like this: Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@example.com While Red Hat's looks like this Issuer: CN=Red Hat Emerging Technologies Note the leading whitespace, and the additional fields in the former. This patch updates the regular expression to: * trim leading characters before "Issuer:" * trim anything between Issuer: and CN= * trim anything after the next , I've tested this against the certool output of both RH and Ubuntu generated certs. Signed-off-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2024-10-02 04:15:46 +00:00 · 2010-04-29 16:20:50 -05:00 · 2010-04-29 16:20:50 -05:00 · c179a0f63c
commit c179a0f63c
parent 5b0aed68b0
1 changed files with 6 additions and 1 deletions
--- a/tools/virt-pki-validate.in
+++ b/tools/virt-pki-validate.in
@ -130,7 +130,12 @@ then
    echo "as root do: chmod 644 $CA/cacert.pem"
    exit 1
 fi
-ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'`
+sed_get_org='/Issuer:/ {
+  s/.*Issuer:.*CN=//
+  s/,.*//
+  p
+}'
+ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n "$sed_get_org"`
 if [ "$ORG" = "" ]
 then
    echo the CA certificate $CA/cacert.pem does not define the organization