lib/func.tcl: Cope with a gratuitous OpenSSL output-format change.

author Mark Wooding <mdw@distorted.org.uk>

Sun, 2 Jul 2017 23:55:41 +0000 (00:55 +0100)

committer Mark Wooding <mdw@distorted.org.uk>

Sun, 2 Jul 2017 23:55:41 +0000 (00:55 +0100)
author Mark Wooding <mdw@distorted.org.uk>
Sun, 2 Jul 2017 23:55:41 +0000 (00:55 +0100)
committer Mark Wooding <mdw@distorted.org.uk>
Sun, 2 Jul 2017 23:55:41 +0000 (00:55 +0100)
diff --git a/lib/func.tcl b/lib/func.tcl

index 9e03b5baac201b9e721b909b59418410d0ebed24..3dd35c31efd74fd6b0522b886d5da90d45e5be33 100644 (file)
--- a/lib/func.tcl
+++ b/lib/func.tcl
@@ -454,13 +454,21 @@ proc req-key-hash {file} {
               openssl dgst -sha256 -hex] end]
  }
  
+proc hack-openssl-dn {out} {
+  ## Convert OpenSSL's hopeless output into a DN.
+
+  if {[regexp {^subject=\s*(/.*)$} $out -> dn]} { return $dn }
+  if {[regexp {^subject=(.*)$} $out -> t]} {
+    set t [regsub {^(\w+) = } $t {/\1=}]
+    set t [regsub -all {, (\w+) = } $t {/\1=}]
+    return $t
+  }
+}
+
  proc req-dn {file} {
    ## Return the distinguished name from the certificate request in FILE.
  
-  regexp {^subject=\s*(/.*)$} \
-      [exec openssl req -in $file -noout -subject] \
-      -> dn
-  return $dn
+  return [hack-openssl-dn [exec openssl req -in $file -noout -subject]]
  }
  
  proc cert-key-hash {file} {
@@ -475,10 +483,7 @@ proc cert-key-hash {file} {
  proc cert-dn {file} {
    ## Return the distinguished name from the certificate in FILE.
  
-  regexp {^subject=\s*(/.*)$} \
-      [exec openssl x509 -in $file -noout -subject] \
-      -> dn
-  return $dn
+  return [hack-openssl-dn [exec openssl x509 -in $file -noout -subject]]
  }
  
  proc cert-seq {file} {
author	Mark Wooding <mdw@distorted.org.uk>
	Sun, 2 Jul 2017 23:55:41 +0000 (00:55 +0100)
committer	Mark Wooding <mdw@distorted.org.uk>
	Sun, 2 Jul 2017 23:55:41 +0000 (00:55 +0100)