changed method for parsing issuer cn, fixing compatibility with some openssl versions

2026-03-27 19:41:09 +01:00 · 2020-12-09 19:38:27 +01:00
parent 589e9f30b3
commit fbcaac89f9
1 changed files with 2 additions and 6 deletions
--- a/8
+++ b/8
@@ -928,13 +928,9 @@ extract_altnames() {
  fi
 }

-# Get last subject CN in certificate chain
+# Get last issuer CN in certificate chain
 get_last_cn() {
-  cn="$("${OPENSSL}" verify -CAfile <(echo "${1}") -show_chain <(echo "${1}") | tail -n 1 | _sed -e 's/.* CN ?= ?([^/,]*).*/\1/')"
-  if [ -z "${cn}" ]; then
-    _exiterr "Error while fetching CN from certificate chain"
-  fi
-  printf "${cn}"
+  <<<"${1}" _sed 'H;/-----BEGIN CERTIFICATE-----/h;$!d;x' | "${OPENSSL}" x509 -noout -issuer | head -n1 | _sed -e 's/.* CN ?= ?([^/,]*).*/\1/'
 }

 # Create certificate for domain(s) and outputs it FD 3