Pull out issuer CN in messages instead of issuer DN.
Soften message in no-KeyName, unknown issuer case.
iay committed Feb 21, 2008
1 parent 22886af commit 48010e5
Showing 1 changed file with 19 additions and 6 deletions.
25 changes: 19 additions & 6 deletions build/check_embedded.pl
Expand Up @@ -54,13 +54,18 @@
#
# Use openssl to convert the certificate to text
#
my(@lines, $issuer, $subjectCN);
$cmd = "openssl x509 -in $filename -noout -text |";
my(@lines, $issuer, $subjectCN, $issuerCN);
$cmd = "openssl x509 -in $filename -noout -text -nameopt RFC2253 |";
open(SSL, $cmd) || die "could not open openssl subcommand";
while (<SSL>) {
push @lines, $_;
if (/^\s*Issuer:\s*(.*)$/) {
$issuer = $1;
if ($issuer =~ /CN=([^,]+)/) {
$issuerCN = $1;
} else {
$issuerCN = $issuer;
}
}
if (/^\s*Subject:\s*.*CN=([a-z0-9\-\.]+).*$/) {
$subjectCN = $1;
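Review bot: the new `/CN=([^,]+)/` match on `$issuer` is unanchored and stops at the first comma. With `-nameopt RFC2253` a comma inside a value is written as `\,`, so an issuer CN containing one is cut short, and the pattern can also hit a `CN=` substring that sits inside another attribute's value. Anchoring on the start of the string or a preceding comma, and accepting backslash-escaped characters in the capture, would make the extracted name reliable. Separately, the rewritten `$cmd` line still interpolates `$filename` into a shell command string; the list form of `open` with `'-|'` would hand the name to openssl without a shell in between.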
Expand Down Expand Up @@ -121,16 +126,24 @@
#
# Now, adjust for our expectations.
#
if (!$hasKeyName && $error eq 'self signed certificate') {
$error = '';
print " (self signed certificate)\n";
# Pretty much any certificate is fine if we don't have a KeyName.
#
if (!$hasKeyName) {
if ($error eq 'self signed certificate') {
$error = '';
print " (self signed certificate)\n";
} elsif ($error eq 'unable to get local issuer certificate') {
$error = '';
print " (unknown issuer: $issuerCN)\n";
}
}

if ($hasKeyName && $error eq 'self signed certificate') {
$error = 'self signed certificate: remove KeyName?';
}

if ($error eq 'unable to get local issuer certificate') {
$error = "unknown issuer: $issuer";
$error = "unknown issuer: $issuerCN";
}

if ($error ne '') {
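Review bot: in the `!$hasKeyName` block the new `elsif` sets `$error = ''` for 'unable to get local issuer certificate', which changes the outcome of the check and not only its wording, yet the only explanation is the one-line comment "Pretty much any certificate is fine if we don't have a KeyName." Please expand that comment to say why an unverifiable chain is acceptable when no KeyName is present, so the relaxation is not later mistaken for an oversight. The final `if ($error eq 'unable to get local issuer certificate')` is now reachable only when `$hasKeyName` is set; writing that condition explicitly, as the self-signed case just above does, would make this clear. Since that remaining path is the hard failure, consider keeping the full `$issuer` DN there: two different CAs can share a CN, and `$issuerCN` alone may not identify which issuer was missing.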