MINOR: ssl/cli: reorder 'show ssl cert' output
authorWilliam Lallemand <wlallemand@haproxy.com>
Tue, 25 Feb 2020 13:07:58 +0000 (14:07 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Tue, 25 Feb 2020 13:17:50 +0000 (14:17 +0100)
Reorder the 'show ssl cert' output so it's easier to see if the whole
chain is correct.

For a chain to be correct, an "Issuer" line must have the same
content as the next "Subject" line.

Example:

  Subject: /C=FR/ST=Paris/O=HAProxy Test Certificate/CN=test.haproxy.local
  Issuer: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 2/CN=ca2.haproxy.local
  Chain Subject: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 2/CN=ca2.haproxy.local
  Chain Issuer: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 1/CN=ca1.haproxy.local
  Chain Subject: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 1/CN=ca1.haproxy.local
  Chain Issuer: /C=FR/ST=Paris/O=HAProxy Test Root CA/CN=root.haproxy.local

src/ssl_sock.c

index 94fff9b0ff68d13cd784199eee17fce325e46b59..38b30977c0dd35b079e629ed1ff26d8542ace7de 100644 (file)
@@ -10680,24 +10680,6 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
                BIO_free(bio);
                chunk_appendf(out, "%s\n", tmp->area);
 
-
-               chunk_appendf(out, "Issuer: ");
-               if ((name = X509_get_issuer_name(ckchs->ckch->cert)) == NULL)
-                       goto end;
-               if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
-                       goto end;
-               *(tmp->area + tmp->data) = '\0';
-               chunk_appendf(out, "%s\n", tmp->area);
-
-               chunk_appendf(out, "Subject: ");
-               if ((name = X509_get_subject_name(ckchs->ckch->cert)) == NULL)
-                       goto end;
-               if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
-                       goto end;
-               *(tmp->area + tmp->data) = '\0';
-               chunk_appendf(out, "%s\n", tmp->area);
-
-
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
                chunk_appendf(out, "Subject Alternative Name: ");
                if (ssl_sock_get_san_oneline(ckchs->ckch->cert, out) == -1)
@@ -10719,6 +10701,22 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
                dump_binary(out, tmp->area, tmp->data);
                chunk_appendf(out, "\n");
 
+               chunk_appendf(out, "Subject: ");
+               if ((name = X509_get_subject_name(ckchs->ckch->cert)) == NULL)
+                       goto end;
+               if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
+                       goto end;
+               *(tmp->area + tmp->data) = '\0';
+               chunk_appendf(out, "%s\n", tmp->area);
+
+               chunk_appendf(out, "Issuer: ");
+               if ((name = X509_get_issuer_name(ckchs->ckch->cert)) == NULL)
+                       goto end;
+               if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
+                       goto end;
+               *(tmp->area + tmp->data) = '\0';
+               chunk_appendf(out, "%s\n", tmp->area);
+
                /* Displays subject of each certificate in the chain */
                for (i = 0; i < sk_X509_num(ckchs->ckch->chain); i++) {
                        X509 *ca = sk_X509_value(ckchs->ckch->chain, i);
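Review bot: In both added blocks the terminator store `*(tmp->area + tmp->data) = '\0';` is not bounded against the buffer size in the lines shown, so if ssl_sock_get_dn_oneline() can fill `tmp` completely the write lands one byte past the buffer; whether the helper reserves that byte is not visible from this hunk. A guard such as `if (tmp->data >= tmp->size) goto end;` before each store would keep the invariant local instead of relying on the helper. Separately, the DN bytes come from the certificate and are emitted with a plain `%s`, so unless the helper escapes control characters a name containing a newline could render as an extra `Subject:`/`Issuer:` line, which matters more now that operators are told to compare adjacent lines. A short comment above the two blocks saying the order is deliberate and that the comparison is by name only, not a signature check, would stop a later reorder or over-reading of the output. The body of cli_io_handler_show_cert_detail starts and ends outside the hunk.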