From: "Tiago M. Vieira"
To: libvir-list@redhat.com
Cc: "Tiago M. Vieira"
Date: Fri, 26 Jan 2018 14:33:02 -0500
Message-Id: <20180126193302.18394-1-tmv@redhat.com>
Subject: [libvirt] [PATCH] fix regex to check CN from server certificate

Currently when the script validates the PKI files and the certificate 'Subject:' field contains RDNs after the Common Name (CN), these values are also included, creating a false result that the CN is not correct. A small change to the sed regex fixes this issue, by extracting only the value for CN and nothing else. The regex is replaced with the exact same regex used to extract the CN value from the client certificate.

--- tools/virt-pki-validate.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in index 206637abf..b04680dde 100755 --- a/tools/virt-pki-validate.in +++ b/tools/virt-pki-validate.in 
@@ -255,7 +255,7 @@ then echo CA organization: $ORG echo Server organization: $S_ORG fi - S_HOST=3D`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep = Subject: | sed 's+.*CN=3D\([a-zA-Z\. _-]*\)+\1+'` + S_HOST=3D`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep = Subject: | sed 's+.*CN=3D\(.[a-zA-Z \._-]*\).*+\1+'` if test "$S_HOST" !=3D "`hostname -s`" && test "$S_HOST" !=3D "`ho= stname`" then echo The server certificate does not seem to match the host na= me --=20 2.14.3
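
Review bot: The new capture group `\(.[a-zA-Z \._-]*\)` on the added S_HOST line still has no digits in its character class, and with the trailing `.*` now following it the remainder of the Subject line is discarded instead of being left in the output. A CN such as web1.example.com (a constructed example) is therefore cut to "web" before it is compared against `hostname -s` and `hostname`. On a host whose short name equals that prefix the check passes for a certificate issued to a different name, and on a correctly named host with digits in its name the script still reports a mismatch. Consider capturing everything up to the next RDN separator instead, for example `\([^,]*\)` in place of the letter class, assuming the Subject line separates RDNs with commas, and state in the commit message which certtool Subject formats the new expression was tested against.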