skip empty common names in vmm_tls

src/vmm_core.ml

@@ -61,7 +61,7 @@ let domain id = match List.rev id with
   | [] -> []
 
 let pp_id ppf ids =
-  Fmt.(pf ppf "%a" (list ~sep:(unit ".") string) ids)
+  Fmt.(pf ppf "(%d)%a" (List.length ids) (list ~sep:(unit ".") string) ids)
 
 let pp_is ppf is = Fmt.pf ppf "%a" Fmt.(list ~sep:(unit ",") int) (IS.elements is)
 

src/vmm_resources.ml

@@ -27,6 +27,13 @@ type entry =
 
 type t = entry Vmm_trie.t
 
+let pp ppf t =
+  Vmm_trie.fold [] t
+    (fun id ele () -> match ele with
+       | Vm vm -> Fmt.pf ppf "vm %a: %a@." pp_id id pp_vm_config vm.config
+       | Policy p -> Fmt.pf ppf "policy %a: %a@." pp_id id pp_policy p)
+       ()
+
 let empty = Vmm_trie.empty
 
 let remove t name = Vmm_trie.remove name t

src/vmm_resources.mli

@@ -39,3 +39,6 @@ val remove : t -> Vmm_core.id -> t
 val fold : t -> Vmm_core.id ->
   (Vmm_core.id -> Vmm_core.vm -> 'a -> 'a) ->
   (Vmm_core.id -> Vmm_core.policy -> 'a -> 'a) -> 'a -> 'a
+
+(** [pp] is a pretty printer for [t]. *)
+val pp : t Fmt.t

src/vmm_tls.ml

@@ -8,7 +8,13 @@ let name chain =
   List.fold_left (fun acc cert ->
       match X509.Extension.unsupported cert Vmm_asn.oid with
       | None -> acc
-      | Some _ -> X509.common_name_to_string cert :: acc)
+      | Some _ ->
+        let data = X509.common_name_to_string cert in
+        (* if the common name is empty, skip [useful for vmmc_bistro at least]
+           TODO: document properly and investigate potential security issue with
+           multi-tenant system (likely ca should ensure to never sign a delegation
+           with empty common name) *)
+        if data = "" then acc else data :: acc)
     [] chain
 
 (* this separates the leaf and top-level certificate from the chain,