Re: [libvirt] [PATCH] fix regex to check CN from server certificate

2018-02-08 Thread Andrea Bolognani
On Fri, 2018-01-26 at 14:33 -0500, Tiago M. Vieira wrote:
> Currently when the script validates the PKI files and
> the certificate 'Subject:' field contains RDNs after
> the Common Name (CN), these values are also included,
> creating a false result that the CN is not correct.
> 
> A small change to the sed regex fixes this issue, by
> extracting only the value for CN and nothing else. The
> regex is replaced with the exact same regex used to
> extract the CN value from the client certificate.
> ---
>  tools/virt-pki-validate.in | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
> index 206637abf..b04680dde 100755
> --- a/tools/virt-pki-validate.in
> +++ b/tools/virt-pki-validate.in
> @@ -255,7 +255,7 @@ then
>  echo CA organization: $ORG
>  echo Server organization: $S_ORG
>  fi
> -S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep 
> Subject: | sed 's+.*CN=\([a-zA-Z\. _-]*\)+\1+'`
> +S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep 
> Subject: | sed 's+.*CN=\(.[a-zA-Z \._-]*\).*+\1+'`
>  if test "$S_HOST" != "`hostname -s`" && test "$S_HOST" != 
> "`hostname`"
>  then
>  echo The server certificate does not seem to match the host name
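
Review bot: the bracket expression on the new `+S_HOST` line, `[a-zA-Z \._-]`, contains no digits, so a CN such as host01.example.com (a constructed example) is captured only as `host` and the trailing `.*` silently discards the rest. The comparison against `hostname -s` and `hostname` then fails, and the script reports a mismatch for a certificate that is in fact correct. Consider adding `0-9` to the class, or capturing up to the RDN separator with `[^,]*` rather than enumerating the allowed characters.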

ACK and pushed.

Congratulations on your first contribution to libvirt! :)

-- 
Andrea Bolognani / Red Hat / Virtualization

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list


[libvirt] [PATCH] fix regex to check CN from server certificate

2018-01-26 Thread Tiago M. Vieira
Currently when the script validates the PKI files and
the certificate 'Subject:' field contains RDNs after
the Common Name (CN), these values are also included,
creating a false result that the CN is not correct.

A small change to the sed regex fixes this issue, by
extracting only the value for CN and nothing else. The
regex is replaced with the exact same regex used to
extract the CN value from the client certificate.
---
 tools/virt-pki-validate.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
index 206637abf..b04680dde 100755
--- a/tools/virt-pki-validate.in
+++ b/tools/virt-pki-validate.in
@@ -255,7 +255,7 @@ then
 echo CA organization: $ORG
 echo Server organization: $S_ORG
 fi
-S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep 
Subject: | sed 's+.*CN=\([a-zA-Z\. _-]*\)+\1+'`
+S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep 
Subject: | sed 's+.*CN=\(.[a-zA-Z \._-]*\).*+\1+'`
 if test "$S_HOST" != "`hostname -s`" && test "$S_HOST" != "`hostname`"
 then
 echo The server certificate does not seem to match the host name
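
Review bot: the capture group on the `+S_HOST` line opens with a bare `.`, so the first character after `CN=` is accepted whatever it is; with an empty CN followed by another RDN the separator itself ends up in `S_HOST`. The greedy leading `.*CN=` also anchors on the last `CN=` in the Subject line, not the first, which matters if the subject carries more than one. Dropping the leading `.` and matching `[^,]*` after the first `CN=` would make the extraction follow the RDN boundary, and since the commit message says the same expression is used for the client certificate, a shared helper for both checks would keep them from diverging.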
-- 
2.14.3
