From: Dustin Kirkland <kirkl...@canonical.com> Ubuntu's gntls package generates an Issuer line that looks like this: Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,email=hostmas...@example.com
While Red Hat's looks like this Issuer: CN=Red Hat Emerging Technologies Note the leading whitespace, and the additional fields in the former. This patch updates the regular expression to: * trim leading characters before "Issuer:" * trim anything between Issuer: and CN= * trim anything after the next , I've tested this against the certool output of both RH and Ubuntu generated certs. Signed-off-by: Dustin Kirkland <kirkl...@canonical.com> Signed-off-by: Eric Blake <ebl...@redhat.com> --- tools/virt-pki-validate.in | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in index f77521d..207fa76 100755 --- a/tools/virt-pki-validate.in +++ b/tools/virt-pki-validate.in @@ -130,7 +130,12 @@ then echo "as root do: chmod 644 $CA/cacert.pem" exit 1 fi -ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'` +sed_get_org='/Issuer:/ { + s/.*Issuer:.*CN=// + s/,.*// + p +}' +ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n "$sed_get_org"` if [ "$ORG" = "" ] then echo the CA certificate $CA/cacert.pem does not define the organization -- 1.6.6.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list