From: William Lallemand Date: Wed, 17 Jul 2024 09:37:04 +0000 (+0200) Subject: MINOR: ssl: change issuers-chain for show_cert_detail() X-Git-Tag: v3.1-dev4~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ae8c3f7f7740da32883d1d34a718107f5933a2c1;p=thirdparty%2Fhaproxy.git MINOR: ssl: change issuers-chain for show_cert_detail() Since data->chain is now completed when loading the files, we don't need to use ssl_get0_issuer_chain() anywhere else in the code. data->chain will always be completed once the files are loaded, but we can't know from show_cert_detail() from what chain file it was completed. That's why the extra_chain pointer was added to dump the chain file. --- diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c index 57a980cdb4..0ca290d18e 100644 --- a/src/ssl_ckch.c +++ b/src/ssl_ckch.c @@ -1742,7 +1742,7 @@ void ckch_inst_add_cafile_link(struct ckch_inst *ckch_inst, struct bind_conf *bi -static int show_cert_detail(X509 *cert, STACK_OF(X509) *chain, struct buffer *out) +static int show_cert_detail(X509 *cert, STACK_OF(X509) *chain, struct issuer_chain *extra_chain, struct buffer *out) { BIO *bio = NULL; struct buffer *tmp = alloc_trash_chunk(); @@ -1757,15 +1757,11 @@ static int show_cert_detail(X509 *cert, STACK_OF(X509) *chain, struct buffer *ou if (!cert) goto end; - if (chain == NULL) { - struct issuer_chain *issuer; - issuer = ssl_get0_issuer_chain(cert); - if (issuer) { - chain = issuer->chain; - chunk_appendf(out, "Chain Filename: "); - chunk_appendf(out, "%s\n", issuer->path); - } + if (extra_chain) { + chunk_appendf(out, "Chain Filename: "); + chunk_appendf(out, "%s\n", extra_chain->path); } + chunk_appendf(out, "Serial: "); if (ssl_sock_get_serial(cert, tmp) == -1) goto end; 
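Review bot: The new `extra_chain` parameter of show_cert_detail() is undocumented, and its role next to `chain` is not obvious from the signature. Judging by the following hunk, it only supplies the file name line, while the certificates are still taken from `chain`. I would state that in a comment above the function, e.g. `/* <extra_chain>, when set, only provides the "Chain Filename" line; the chain itself is dumped from <chain> */`. Since the visible code only reads `extra_chain->path`, the parameter could also be `const struct issuer_chain *extra_chain`, provided nothing later in the body writes through it; the body continues outside the hunk.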
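Review bot: `extra_chain->path` is passed to `%s` without a check, so a NULL path would be undefined behaviour in the formatter. The removed code had the same gap with `issuer->path`, so it is inherited rather than new, but if `path` can ever be unset the guard should be `if (extra_chain && extra_chain->path)`. The two calls can also be merged into `chunk_appendf(out, "Chain Filename: %s\n", extra_chain->path);`. Separately, the old block set `chain = issuer->chain` when the caller passed NULL, whereas a NULL `chain` with a non-NULL `extra_chain` now prints a file name and presumably no chain. The rest of the function is outside the hunk, so that should be confirmed against the callers.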
@@ -1915,7 +1911,7 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx) else chunk_appendf(out, "Used\n"); - retval = show_cert_detail(ckchs->data->cert, ckchs->data->chain, out); + retval = show_cert_detail(ckchs->data->cert, ckchs->data->chain, ckchs->data->extra_chain, out); if (retval < 0) goto end_no_putchk; else if (retval) @@ -3167,7 +3163,7 @@ static int cli_io_handler_show_cafile_detail(struct appctx *appctx) /* file starts at line 1 */ chunk_appendf(out, " \nCertificate #%d:\n", i+1); - retval = show_cert_detail(cert, NULL, out); + retval = show_cert_detail(cert, NULL, NULL, out); if (retval < 0) goto end_no_putchk; else if (retval)
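Review bot: The certificate detail printed by cli_io_handler_show_cert_detail() is accurate only if `ckchs->data->extra_chain` always names the file that actually completed `ckchs->data->chain`, and this call passes the two independently. The code that replaces or frees `data->chain` is not in this diff, so it is worth confirming that every such path, a runtime certificate update in particular, also resets `extra_chain`. Otherwise an operator auditing the served chain would see a stale file name, or the pointer could outlive the entry it refers to. A one-line comment at the field's declaration stating this invariant would make it checkable. The handler's body continues outside the hunk.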