From 2244ef69ba751fb58c4655f2cd036a675ce96879 Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Mon, 3 Jul 2017 00:55:41 +0100
Subject: [PATCH] lib/func.tcl: Cope with a gratuitous OpenSSL output-format
 change.

---
 lib/func.tcl | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/lib/func.tcl b/lib/func.tcl
index 9e03b5b..3dd35c3 100644
--- a/lib/func.tcl
+++ b/lib/func.tcl
@@ -454,13 +454,21 @@ proc req-key-hash {file} {
 	      openssl dgst -sha256 -hex] end]
 }
 
+proc hack-openssl-dn {out} {
+  ## Convert OpenSSL's hopeless output into a DN.
+
+  if {[regexp {^subject=\s*(/.*)$} $out -> dn]} { return $dn }
+  if {[regexp {^subject=(.*)$} $out -> t]} {
+    set t [regsub {^(\w+) = } $t {/\1=}]
+    set t [regsub -all {, (\w+) = } $t {/\1=}]
+    return $t
+  }
+}
+
 proc req-dn {file} {
   ## Return the distinguished name from the certificate request in FILE.
 
-  regexp {^subject=\s*(/.*)$} \
-      [exec openssl req -in $file -noout -subject] \
-      -> dn
-  return $dn
+  return [hack-openssl-dn [exec openssl req -in $file -noout -subject]]
 }
 
 proc cert-key-hash {file} {
@@ -475,10 +483,7 @@ proc cert-key-hash {file} {
 proc cert-dn {file} {
   ## Return the distinguished name from the certificate in FILE.
 
-  regexp {^subject=\s*(/.*)$} \
-      [exec openssl x509 -in $file -noout -subject] \
-      -> dn
-  return $dn
+  return [hack-openssl-dn [exec openssl x509 -in $file -noout -subject]]
 }
 
 proc cert-seq {file} {
-- 
2.11.0