From c179a0f63c5e21e0e6676611fd2268456fa47efa Mon Sep 17 00:00:00 2001 From: Dustin Kirkland Date: Thu, 29 Apr 2010 16:20:50 -0500 Subject: [PATCH] Fix virt-pki-validate's determination of CN Ubuntu's gntls package generates an Issuer line that looks like this: Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@example.com While Red Hat's looks like this Issuer: CN=Red Hat Emerging Technologies Note the leading whitespace, and the additional fields in the former. This patch updates the regular expression to: * trim leading characters before "Issuer:" * trim anything between Issuer: and CN= * trim anything after the next , I've tested this against the certool output of both RH and Ubuntu generated certs. Signed-off-by: Dustin Kirkland Signed-off-by: Eric Blake --- tools/virt-pki-validate.in | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in index f77521d1d9..207fa76c62 100755 --- a/tools/virt-pki-validate.in +++ b/tools/virt-pki-validate.in @@ -130,7 +130,12 @@ then echo "as root do: chmod 644 $CA/cacert.pem" exit 1 fi -ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'` +sed_get_org='/Issuer:/ { + s/.*Issuer:.*CN=// + s/,.*// + p +}' +ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n "$sed_get_org"` if [ "$ORG" = "" ] then echo the CA certificate $CA/cacert.pem does not define the organization
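Review bot: In the new sed_get_org script, the `p` command runs for every line matching `/Issuer:/` whether or not `s/.*Issuer:.*CN=//` actually matched. An Issuer line with no CN= field is therefore still printed (cut at its first comma by `s/,.*//`), ORG ends up non-empty, and the `[ "$ORG" = "" ]` check that follows no longer reports a CA certificate without a usable name. The removed expression printed only through the `p` flag of a successful substitution, so this is a behaviour change. Narrowing the address to `/Issuer:.*CN=/` would keep the old guarantee. Two smaller points on the same lines: `.*CN=` is greedy, so if the Issuer line contains more than one `CN=` the last one wins, and `s/,.*//` truncates a CN whose value itself contains a comma. A short comment above sed_get_org stating these limits would help, as would noting that the variable named ORG now holds the issuer CN.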