From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 12 Feb 2025 16:09:21 +0000 (+0100)
Subject: BUG/MINOR: ssl/cli: "show ssl crt-list" lacks client-sigals
X-Git-Tag: v3.2-dev6~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=037d2e5498917d2323a9ad748b9d97aaa688f351;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl/cli: "show ssl crt-list" lacks client-sigals

b6ae2aafde43 ("MINOR: ssl: allow to change the signature algorithm for
client authentication") implemented the client-sigals keyword in the
crt-list but never the dump of the keyword over the CLI.

Must be backported as far as 2.8.
---

diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index 189d6e6ca..1cda1cf45 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -960,6 +960,12 @@ static void dump_crtlist_conf(struct buffer *buf, const struct ssl_bind_conf *co
 		space++;
 	}
 
+	if (conf->client_sigalgs) {
+		if (space) chunk_appendf(buf, " ");
+		chunk_appendf(buf, "client-sigalgs %s", conf->client_sigalgs);
+		space++;
+	}
+
 	/* the crt-lists only support ssl-min-ver and ssl-max-ver */
 	if (conf->ssl_methods_cfg.min) {
 		if (space) chunk_appendf(buf, " ");