[libvirt] [PATCH] fix regex to check CN from server certificate
Andrea Bolognani
abologna at redhat.com
Thu Feb 8 17:06:37 UTC 2018
On Fri, 2018-01-26 at 14:33 -0500, Tiago M. Vieira wrote:
> Currently when the script validates the PKI files and
> the certificate 'Subject:' field contains RDNs after
> the Common Name (CN), these values are also included,
> creating a false result that the CN is not correct.
>
> A small change to the sed regex fixes this issue, by
> extracting only the value for CN and nothing else. The
> regex is replaced with the exact same regex used to
> extract the CN value from the client certificate.
> ---
> tools/virt-pki-validate.in | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
> index 206637abf..b04680dde 100755
> --- a/tools/virt-pki-validate.in
> +++ b/tools/virt-pki-validate.in
> @@ -255,7 +255,7 @@ then
> echo CA organization: $ORG
> echo Server organization: $S_ORG
> fi
> - S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep Subject: | sed 's+.*CN=\([a-zA-Z\. _-]*\)+\1+'`
> + S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep Subject: | sed 's+.*CN=\(.[a-zA-Z \._-]*\).*+\1+'`
> if test "$S_HOST" != "`hostname -s`" && test "$S_HOST" != "`hostname`"
> then
> echo The server certificate does not seem to match the host name
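Review bot: the bracket expression on the new `+` line, `[a-zA-Z \._-]`, contains no digits, and with the trailing `.*` now added, a CN such as `host01.example.com` (constructed example) is cut to `host` rather than passed through, so the `hostname` comparison just below it reports a mismatch for a valid certificate. The leading `.` inside the group also accepts any single character as the first character of the name. Consider capturing up to the RDN separator instead, for example `sed 's+.*CN=\([^,]*\).*+\1+'` (assuming certtool separates RDNs with commas), or at least adding `0-9` to the class. Since the commit message says the same regex is used for the client certificate, that line would want the same change.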
ACK and pushed.
Congratulations on your first contribution to libvirt! :)
--
Andrea Bolognani / Red Hat / Virtualization