fix regex to check CN from server certificate

Currently when the script validates the PKI files and the certificate 'Subject:' field contains RDNs after the Common Name (CN), these values are also included, creating a false result that the CN is not correct. A small change to the sed regex fixes this issue, by extracting only the value for CN and nothing else. The regex is replaced with the exact same regex used to extract the CN value from the client certificate.

fix regex to check CN from server certificate
Currently when the script validates the PKI files and the certificate 'Subject:' field contains RDNs after the Common Name (CN), these values are also included, creating a false result that the CN is not correct. A small change to the sed regex fixes this issue, by extracting only the value for CN and nothing else. The regex is replaced with the exact same regex used to extract the CN value from the client certificate.
d0a60771 · Tiago M. Vieira · Andrea Bolognani · e19dde1d · d0a60771
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

tools/virt-pki-validate.in tools/virt-pki-validate.in +1 -1

未找到文件。
--- a/tools/virt-pki-validate.in
+++ b/tools/virt-pki-validate.in
@@ -255,7 +255,7 @@ then
            echo CA organization: $ORG
            echo Server organization: $S_ORG
        fi
-        S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep Subject: | sed 's+.*CN=\([a-zA-Z\. _-]*\)+\1+'`
+        S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep Subject: | sed 's+.*CN=\(.[a-zA-Z \._-]*\).*+\1+'`
        if test "$S_HOST" != "`hostname -s`" && test "$S_HOST" != "`hostname`"
        then
            echo The server certificate does not seem to match the host name