[libvirt] [PATCH] fix regex to check CN from server certificate

Andrea Bolognani abologna at redhat.com
Thu Feb 8 17:06:37 UTC 2018


On Fri, 2018-01-26 at 14:33 -0500, Tiago M. Vieira wrote:
> Currently when the script validates the PKI files and
> the certificate 'Subject:' field contains RDNs after
> the Common Name (CN), these values are also included,
> creating a false result that the CN is not correct.
> 
> A small change to the sed regex fixes this issue, by
> extracting only the value for CN and nothing else. The
> regex is replaced with the exact same regex used to
> extract the CN value from the client certificate.
> ---
>  tools/virt-pki-validate.in | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
> index 206637abf..b04680dde 100755
> --- a/tools/virt-pki-validate.in
> +++ b/tools/virt-pki-validate.in
> @@ -255,7 +255,7 @@ then
>              echo CA organization: $ORG
>              echo Server organization: $S_ORG
>          fi
> -        S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep Subject: | sed 's+.*CN=\([a-zA-Z\. _-]*\)+\1+'`
> +        S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep Subject: | sed 's+.*CN=\(.[a-zA-Z \._-]*\).*+\1+'`
>          if test "$S_HOST" != "`hostname -s`" && test "$S_HOST" != "`hostname`"
>          then
>              echo The server certificate does not seem to match the host name
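
Review bot: The capture group on the new S_HOST line still leaves digits out of its character class, and because the added trailing `.*` now discards everything after the match, a CN such as web01.example.com is reduced to "web" and fails the hostname comparison on the next line; with the old expression the unmatched tail stayed in the output, so such names happened to pass. The leading `.` inside the group also accepts any single character as the first character of the name. Capturing up to the next RDN separator instead, for example `sed 's+.*CN=\([^,]*\).*+\1+'` (assuming certtool separates RDNs with commas), would address both, and the client-certificate extraction that the commit message says uses this same regex would need the same change.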

ACK and pushed.

Congratulations on your first contribution to libvirt! :)

-- 
Andrea Bolognani / Red Hat / Virtualization



