From bb6015a22402ec8e75df18376d44c9135eb916c2 Mon Sep 17 00:00:00 2001
From: DJ Lucas <dj@lucasit.com>
Date: Wed, 4 Aug 2021 20:38:53 -0500
Subject: [PATCH] make-ca: Use 'Subject:' line for certificate name, and use
 last OU= value for fallback.

---
 make-ca | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/make-ca b/make-ca
index 37880f8..e12b206 100644
--- a/make-ca
+++ b/make-ca
@@ -413,18 +413,17 @@ function get_p11_label() {
   # $1 == individual nss certificate extracted from certdata.txt
   #       or x509 certificate with OpenSSL text values
 
-  p11label="$(grep -m1 "Issuer" ${1} | grep -o CN=.*$ | \
-              cut -d ',' -f 1 | sed 's@CN=@@')"
+  subjectline=$(grep -m1 "Subject:" ${1} | sed 's@\s*=\s*@=@g')
 
-  # Fallback to the OU value if CN does not exeist in Issuer string
+  p11label="$(echo ${subjectline} | grep -o "CN=.*$" | cut -d ',' -f 1 | sed 's@CN=@@')"
+
+  # Fallback to the last OU value if CN does not exeist in Subject string
   if [ "${p11label}" == "" ]; then
-      p11label="$(grep -m1 "Issuer" ${1} | grep -o "OU=.*$" | \
-                  cut -d ',' -f 1 | sed 's@OU=@@')"
+      p11label="$(echo ${subjectline} | grep -o "OU=.*$" | sed 's@OU=.*, OU=@OU=@g'| cut -d ',' -f 1 | sed 's@OU=@@')"
 
       # If still empty, fall back to Object value as a last resort
       if [ "${p11label}" == "" ]; then
-          p11label="$(grep -m1 "Issuer" ${1} | grep -o "O=.*$" | \
-                        cut -d ',' -f 1 | sed 's@O=@@')"
+          p11label="$(echo ${subjectline} | grep -o "O=.*$" | cut -d ',' -f 1 | sed 's@O=@@')"
       fi
   fi
 }