[pmg-devel] [PATCH pmg-api] cluster: fingerprint parsing: adapt to changed openssl output
Stoiko Ivanov
s.ivanov at proxmox.com
Mon Jul 24 13:06:24 CEST 2023
currently updating the fingerprints using `pmgcm update-fingerprints`
runs into an error indicating that parsing of the remote node's
fingerprint fails
The error is due to changed output in openssl's x509 command,
introduced in commit:
91034b68b39e3525f09fb263b9272de410a3ba4c
in openssl upstream [0]
Note that in that case it would equally work to change the parameter
from `-sha256` to `-SHA256` in the `openssl x509` command above
The change seems small enough to warrant pulling it into stable-7 as
well (although the issue should not occur in systems upgraded
according to our howtos).
[0] https://github.com/openssl/openssl/commit/91034b68b39e3525f09fb263b9272de410a3ba4c
Reported-by: Martin Maurer <martin at proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
quickly tested on a cluster of mine.
src/PMG/Cluster.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PMG/Cluster.pm b/src/PMG/Cluster.pm
index e9a6054..c431521 100644
--- a/src/PMG/Cluster.pm
+++ b/src/PMG/Cluster.pm
@@ -307,7 +307,7 @@ sub get_remote_cert_fingerprint {
eval {
PVE::Tools::run_command($ssh_cmd, outfunc => sub {
my ($line) = @_;
- if ($line =~ m/SHA256 Fingerprint=((?:[A-Fa-f0-9]{2}:){31}[A-Fa-f0-9]{2})/) {
+ if ($line =~ m/SHA256 Fingerprint=((?:[A-Fa-f0-9]{2}:){31}[A-Fa-f0-9]{2})/i) {
$fp = $1;
}
});
--
2.39.2
More information about the pmg-devel
mailing list