On Thu, 2010-04-29 at 15:56 -0600, Eric Blake wrote:
From: Dustin Kirkland <kirkland(a)canonical.com>
Ubuntu's gnutls package generates an Issuer line that looks like this:
        Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster(a)example.com
While Red Hat's looks like this
Issuer: CN=Red Hat Emerging Technologies
Note the leading whitespace, and the additional fields in the former.
This patch updates the regular expression to:
* trim leading characters before "Issuer:"
* trim anything between Issuer: and CN=
* trim anything after the next ,
I've tested this against the certool output of both RH and Ubuntu
generated certs.
Signed-off-by: Dustin Kirkland <kirkland(a)canonical.com>
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
tools/virt-pki-validate.in | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
index f77521d..207fa76 100755
--- a/tools/virt-pki-validate.in
+++ b/tools/virt-pki-validate.in
@@ -130,7 +130,12 @@ then
echo "as root do: chmod 644 $CA/cacert.pem"
exit 1
fi
-ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'`
+sed_get_org='/Issuer:/ {
+ s/.*Issuer:.*CN=//
+ s/,.*//
+ p
+}'
+ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n "$sed_get_org"`
if [ "$ORG" = "" ]
then
echo the CA certificate $CA/cacert.pem does not define the organization
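Review bot: In the new sed_get_org script the `p` runs for every line that matches `/Issuer:/`, whether or not `s/.*Issuer:.*CN=//` actually substituted anything, so an Issuer line with no CN= field leaves ORG set to the untrimmed line up to its first comma and the `[ "$ORG" = "" ]` check that follows no longer fires; the removed one-liner printed only when its substitution succeeded. Narrowing the address to `/Issuer:.*CN=/` would restore that behaviour. Two smaller points on the same lines: `s/,.*//` cuts the CN at its first comma, so a CN value that itself contains a comma is truncated, and nothing stops a second line containing "Issuer:" from making ORG multi-line. A short comment above sed_get_org stating these assumptions would help the next reader.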
Thanks, Eric. I've tested this and it still works as expected for
me against the two different cert formats.
Tested-by: Dustin Kirkland <kirkland(a)canonical.com>