From: William Lallemand <wlallemand@haproxy.com>
Date: Thu, 13 Feb 2025 15:18:02 +0000 (+0100)
Subject: MINOR: ssl/cli: display more filenames in 'show ssl cert'
X-Git-Tag: v3.2-dev6~26
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0c0b38d64c21ff852897880e46cd7f37674ccb36;p=thirdparty%2Fhaproxy.git

MINOR: ssl/cli: display more filenames in 'show ssl cert'

"show ssl cert <file>" only displays a unique filename, which is the
key used in the ckch_store tree. This patch extends it by displaying
every filenames from the ckch_conf that can be configured with the
crt-store.

In order to be more consistant, some changes are needed in the future:
- we need to store the complete path in the ckch_conf (meaning with
  crt-path or key-path)
- we need to fill a ckch_conf in cases the files are autodiscovered
---

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 7a454bfd3..b82e9ad1a 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -2128,6 +2128,27 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
 		chunk_appendf(out, "*");
 	chunk_appendf(out, "%s\n", ckchs->path);
 
+	if (ckchs->conf.crt) {
+		chunk_appendf(out, "Crt filename: ");
+		chunk_appendf(out, "%s\n", ckchs->conf.crt);
+	}
+	if (ckchs->conf.key) {
+		chunk_appendf(out, "Key filename: ");
+		chunk_appendf(out, "%s\n", ckchs->conf.key);
+	}
+	if (ckchs->conf.ocsp) {
+		chunk_appendf(out, "OCSP filename: ");
+		chunk_appendf(out, "%s\n", ckchs->conf.ocsp);
+	}
+	if (ckchs->conf.issuer) {
+		chunk_appendf(out, "OCSP Issuer filename: ");
+		chunk_appendf(out, "%s\n", ckchs->conf.issuer);
+	}
+	if (ckchs->conf.sctl) {
+		chunk_appendf(out, "SCTL filename: ");
+		chunk_appendf(out, "%s\n", ckchs->conf.sctl);
+	}
+
 	chunk_appendf(out, "Status: ");
 	if (ckchs->data->cert == NULL)
 		chunk_appendf(out, "Empty\n");