From: Remi Tricot-Le Breton Date: Tue, 11 Jan 2022 09:11:10 +0000 (+0100) Subject: BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response " output X-Git-Tag: v2.6-dev2~198 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e7d1eb2a7dad61ee5661086005d3f85ee6ad6ba;p=thirdparty%2Fhaproxy.git BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response " output There were empty lines in the output of the CLI's "show ssl ocsp-response " command. The plain "show ssl ocsp-response" command (without parameter) was already managed in commit cc750efbc5c2180ed63b222a51029609ea96d0f7. This patch adds an extra space to those lines so that the only existing empty lines actually mark the end of the output. This requires to post-process the buffer filled by OpenSSL's OCSP_RESPONSE_print function (which produces the output of the "openssl ocsp -respin " command). This way the output of our command still looks the same as openssl's one. Must be backported in 2.5. --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 0b65d888ea..955d345a1f 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -79,6 +79,7 @@ #include #include #include +#include /* ***** READ THIS before adding code here! ***** @@ -7432,9 +7433,43 @@ int ssl_ocsp_response_print(struct buffer *ocsp_response, struct buffer *out) } if (OCSP_RESPONSE_print(bio, resp, 0) != 0) { - write = BIO_read(bio, out->area, out->size - 1); - out->area[write] = '\0'; - out->data = write; + struct buffer *trash = get_trash_chunk(); + struct ist ist_block = IST_NULL; + struct ist ist_double_lf = IST_NULL; + static struct ist double_lf = IST("\n\n"); + + write = BIO_read(bio, trash->area, trash->size - 1); + trash->data = write; + + /* Look for empty lines in the 'trash' buffer and add a space to + * the beginning to avoid having empty lines in the output + * (without changing the appearance of the information + * displayed). + */ + ist_block = ist2(b_orig(trash), b_data(trash)); + + ist_double_lf = istist(ist_block, double_lf); + + while (istlen(ist_double_lf)) { + /* istptr(ist_double_lf) points to the first \n of a + * \n\n pattern. + */ + uint empty_line_offset = istptr(ist_double_lf) + 1 - istptr(ist_block); + + /* Write up to the first '\n' of the "\n\n" pattern into + * the output buffer. + */ + b_putblk(out, istptr(ist_block), empty_line_offset); + /* Add an extra space. */ + b_putchr(out, ' '); + + /* Keep looking for empty lines in the rest of the data. */ + ist_block = istadv(ist_block, empty_line_offset); + + ist_double_lf = istist(ist_block, double_lf); + } + + b_istput(out, ist_block); } if (bio)