letsencrypt: FIX CN parsing to work with OpenSSL 1.1 (#25935)

As we can see in
9537453586
:

CN used to be without whitespaces around the `=` but OpenSSL 1.1 introduced
whitespaces:
1.0.1: subject=/CN=example.com
1.1.0: subject=CN = example.com

This commit makes them optional.

OpenSSL 1.1 is present on the newly-released Debian Stretch, so absence
of this fix makes us not being able to use this module on this distro.
This commit is contained in:
Virgil Dupras 2017-06-28 01:39:54 -04:00 committed by René Moser
parent 3bd8dbb53d
commit 9474f20f2d

View file

@ -536,7 +536,7 @@ class ACMEClient(object):
_, out, _ = self.module.run_command(openssl_csr_cmd, check_rc=True)
domains = set([])
common_name = re.search(r"Subject:.*? CN=([^\s,;/]+)", out.decode('utf8'))
common_name = re.search(r"Subject:.*? CN\s?=\s?([^\s,;/]+)", out.decode('utf8'))
if common_name is not None:
domains.add(common_name.group(1))
subject_alt_names = re.search(r"X509v3 Subject Alternative Name: \n +([^\n]+)\n", out.decode('utf8'), re.MULTILINE | re.DOTALL)