diff --git a/src/vmm_core.ml b/src/vmm_core.ml index 63abb84..43243ee 100644 --- a/src/vmm_core.ml +++ b/src/vmm_core.ml @@ -61,7 +61,7 @@ let domain id = match List.rev id with | [] -> [] let pp_id ppf ids = - Fmt.(pf ppf "%a" (list ~sep:(unit ".") string) ids) + Fmt.(pf ppf "(%d)%a" (List.length ids) (list ~sep:(unit ".") string) ids) let pp_is ppf is = Fmt.pf ppf "%a" Fmt.(list ~sep:(unit ",") int) (IS.elements is) diff --git a/src/vmm_resources.ml b/src/vmm_resources.ml index e9459d8..abb37f1 100644 --- a/src/vmm_resources.ml +++ b/src/vmm_resources.ml @@ -27,6 +27,13 @@ type entry = type t = entry Vmm_trie.t +let pp ppf t = + Vmm_trie.fold [] t + (fun id ele () -> match ele with + | Vm vm -> Fmt.pf ppf "vm %a: %a@." pp_id id pp_vm_config vm.config + | Policy p -> Fmt.pf ppf "policy %a: %a@." pp_id id pp_policy p) + () + let empty = Vmm_trie.empty let remove t name = Vmm_trie.remove name t diff --git a/src/vmm_resources.mli b/src/vmm_resources.mli index d41d64a..aa5a162 100644 --- a/src/vmm_resources.mli +++ b/src/vmm_resources.mli @@ -39,3 +39,6 @@ val remove : t -> Vmm_core.id -> t val fold : t -> Vmm_core.id -> (Vmm_core.id -> Vmm_core.vm -> 'a -> 'a) -> (Vmm_core.id -> Vmm_core.policy -> 'a -> 'a) -> 'a -> 'a + +(** [pp] is a pretty printer for [t]. *) +val pp : t Fmt.t diff --git a/src/vmm_tls.ml b/src/vmm_tls.ml index 581ba25..df68224 100644 --- a/src/vmm_tls.ml +++ b/src/vmm_tls.ml @@ -8,7 +8,13 @@ let name chain = List.fold_left (fun acc cert -> match X509.Extension.unsupported cert Vmm_asn.oid with | None -> acc - | Some _ -> X509.common_name_to_string cert :: acc) + | Some _ -> + let data = X509.common_name_to_string cert in + (* if the common name is empty, skip [useful for vmmc_bistro at least] + TODO: document properly and investigate potential security issue with + multi-tenant system (likely ca should ensure to never sign a delegation + with empty common name) *) + if data = "" then acc else data :: acc) [] chain (* this separates the leaf and top-level certificate from the chain,