提交 c179a0f6 编写于 作者: D Dustin Kirkland 提交者: Eric Blake

Fix virt-pki-validate's determination of CN

Ubuntu's gntls package generates an Issuer line that looks like this:
        Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@example.com

While Red Hat's looks like this
Issuer: CN=Red Hat Emerging Technologies

Note the leading whitespace, and the additional fields in the former.

This patch updates the regular expression to:
 * trim leading characters before "Issuer:"
 * trim anything between Issuer: and CN=
 * trim anything after the next ,

I've tested this against the certool output of both RH and Ubuntu
generated certs.
Signed-off-by: NDustin Kirkland <kirkland@canonical.com>
Signed-off-by: NEric Blake <eblake@redhat.com>
上级 5b0aed68
...@@ -130,7 +130,12 @@ then ...@@ -130,7 +130,12 @@ then
echo "as root do: chmod 644 $CA/cacert.pem" echo "as root do: chmod 644 $CA/cacert.pem"
exit 1 exit 1
fi fi
ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'` sed_get_org='/Issuer:/ {
s/.*Issuer:.*CN=//
s/,.*//
p
}'
ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n "$sed_get_org"`
if [ "$ORG" = "" ] if [ "$ORG" = "" ]
then then
echo the CA certificate $CA/cacert.pem does not define the organization echo the CA certificate $CA/cacert.pem does not define the organization
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册