BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Tue, 11 Jan 2022 09:11:10 +0000 (10:11 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Thu, 3 Feb 2022 08:57:24 +0000 (09:57 +0100)
There were empty lines in the output of the CLI's "show ssl
ocsp-response <id>" command. The plain "show ssl ocsp-response" command
(without parameter) was already managed in commit
cc750efbc5c2180ed63b222a51029609ea96d0f7. This patch adds an extra space
to those lines so that the only existing empty lines actually mark the
end of the output. This requires post-processing the buffer filled by
OpenSSL's OCSP_RESPONSE_print function (which produces the output of the
"openssl ocsp -respin <ocsp.pem>" command). This way the output of our
command still looks the same as openssl's one.

Must be backported in 2.5.

src/ssl_sock.c

index 0b65d888ea522de3bbc9984d9f6ed02a7784b7b2..955d345a1fd45eab49f54627c2a4e8cde95d2fb6 100644 (file)
@@ -79,6 +79,7 @@
 #include <haproxy/vars.h>
 #include <haproxy/xprt_quic.h>
 #include <haproxy/xxhash.h>
+#include <haproxy/istbuf.h>
 
 
 /* ***** READ THIS before adding code here! *****
@@ -7432,9 +7433,43 @@ int ssl_ocsp_response_print(struct buffer *ocsp_response, struct buffer *out)
        }
 
        if (OCSP_RESPONSE_print(bio, resp, 0) != 0) {
-               write = BIO_read(bio, out->area, out->size - 1);
-               out->area[write] = '\0';
-               out->data = write;
+               struct buffer *trash = get_trash_chunk();
+               struct ist ist_block = IST_NULL;
+               struct ist ist_double_lf = IST_NULL;
+               static struct ist double_lf = IST("\n\n");
+
+               write = BIO_read(bio, trash->area, trash->size - 1);
+               trash->data = write;
+
+               /* Look for empty lines in the 'trash' buffer and add a space to
+                * the beginning to avoid having empty lines in the output
+                * (without changing the appearance of the information
+                * displayed).
+                */
+               ist_block = ist2(b_orig(trash), b_data(trash));
+
+               ist_double_lf = istist(ist_block, double_lf);
+
+               while (istlen(ist_double_lf)) {
+                       /* istptr(ist_double_lf) points to the first \n of a
+                        * \n\n pattern.
+                        */
+                       uint empty_line_offset = istptr(ist_double_lf) + 1 - istptr(ist_block);
+
+                       /* Write up to the first '\n' of the "\n\n" pattern into
+                        * the output buffer.
+                        */
+                       b_putblk(out, istptr(ist_block), empty_line_offset);
+                       /* Add an extra space. */
+                       b_putchr(out, ' ');
+
+                       /* Keep looking for empty lines in the rest of the data. */
+                       ist_block = istadv(ist_block, empty_line_offset);
+
+                       ist_double_lf = istist(ist_block, double_lf);
+               }
+
+               b_istput(out, ist_block);
        }
 
        if (bio)
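Review bot: The result of `BIO_read()` is stored in `trash->data` without a check, so a negative return (which is how BIO_read reports failure) becomes the length passed to `ist2()`, and `istist()` would then scan well past the end of the trash chunk. The removed lines had the same gap, but the new code feeds that length into a search loop over data that comes from an OCSP response, so I would add `if (write <= 0)` before the assignment and take the function's existing error exit, which lies outside this hunk. Separately, the return values of `b_putblk()` and `b_istput()` are ignored although the output grows by one byte per empty line, so when `out` has no more room than the trash chunk the tail of the response can be dropped silently. Also, `out->area` is no longer NUL-terminated as it was before, which matters if any caller (not visible here) reads it as a C string.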