MINOR: ssl/cli: "show ssl cert" command should print the "Chain Filename:"
authorEmmanuel Hocdet <manu@gandi.net>
Tue, 18 Feb 2020 15:06:14 +0000 (16:06 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Wed, 26 Feb 2020 12:11:59 +0000 (13:11 +0100)
When the issuers chain of a certificate is picked from
the "issuers-chain-path" tree, "show ssl cert" prints it.

src/ssl_sock.c

index 14066d76965ee9e205f5384868022d0b55181928..80356aaa0e356de595d59ab0aa8fbed5a09aa9c7 100644 (file)
@@ -10635,6 +10635,7 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
        struct buffer *out = alloc_trash_chunk();
        struct buffer *tmp = alloc_trash_chunk();
        X509_NAME *name = NULL;
+       STACK_OF(X509) *chain;
        unsigned int len = 0;
        int write = -1;
        BIO *bio = NULL;
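Review bot: `chain` is declared without an initialiser, while the pointers visible beside it (`name`, `bio`) start as NULL; `STACK_OF(X509) *chain = NULL;` would match them. The only assignment shown in this diff, `chain = ckchs->ckch->chain;` in the next hunk, sits inside a nested block, so the hunks alone do not confirm that every path reading `chain` passes through it. The function body starts and ends outside this hunk.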
@@ -10648,6 +10649,17 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
                if (ckchs == ckchs_transaction.new_ckchs)
                        chunk_appendf(out, "*");
                chunk_appendf(out, "%s\n", ckchs->path);
+
+               chain = ckchs->ckch->chain;
+               if (chain == NULL) {
+                       struct issuer_chain *issuer;
+                       issuer = ssl_get_issuer_chain(ckchs->ckch->cert);
+                       if (issuer) {
+                               chain = issuer->chain;
+                               chunk_appendf(out, "Chain Filename: ");
+                               chunk_appendf(out, "%s\n", issuer->path);
+                       }
+               }
                chunk_appendf(out, "Serial: ");
                if (ssl_sock_get_serial(ckchs->ckch->cert, tmp) == -1)
                        goto end;
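Review bot: The fallback under `if (chain == NULL)` has no comment explaining why the CLI repeats the issuers-chain-path lookup, and no line is printed when the chain comes from the certificate file itself. An operator checking which intermediates are served therefore cannot tell "chain embedded in the file" from "no chain" until the Chain Subject lines appear. I would add `/* no chain in the cert file: report the one resolved from issuers-chain-path */` above the block. Presumably this lookup has to stay in step with the one done when the SSL context is built, otherwise the CLI could report a chain other than the one actually sent; that code is not part of this diff. The two appends can also be a single call, `chunk_appendf(out, "Chain Filename: %s\n", issuer->path);`.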
@@ -10715,8 +10727,8 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
                chunk_appendf(out, "%s\n", tmp->area);
 
                /* Displays subject of each certificate in the chain */
-               for (i = 0; i < sk_X509_num(ckchs->ckch->chain); i++) {
-                       X509 *ca = sk_X509_value(ckchs->ckch->chain, i);
+               for (i = 0; i < sk_X509_num(chain); i++) {
+                       X509 *ca = sk_X509_value(chain, i);
 
                        chunk_appendf(out, "Chain Subject: ");
                        if ((name = X509_get_subject_name(ca)) == NULL)
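Review bot: When neither the certificate file nor the issuers-chain-path tree supplies a chain, `chain` is still NULL at `for (i = 0; i < sk_X509_num(chain); i++)`. The loop is then skipped only because `sk_X509_num(NULL)` returns -1 and, presumably, `i` is a signed int; its declaration is outside the hunk. The old code had the same dependency on `ckchs->ckch->chain`, but now that the value is a local, an explicit guard costs little: `for (i = 0; chain != NULL && i < sk_X509_num(chain); i++) {`. The loop body continues past the end of this hunk.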