From: William Lallemand <wlallemand@haproxy.com>
Date: Thu, 20 Nov 2025 15:42:41 +0000 (+0100)
Subject: ADMIN: dump-certs: let dry-run compare certificates
X-Git-Tag: v3.3-dev14~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6aa236e964761c2ff18e4a3cb169478f90dda42a;p=thirdparty%2Fhaproxy.git

ADMIN: dump-certs: let dry-run compare certificates

Let the --dry-run mode connect to the socket and compare the
certificates. It would exits the process just before trying to move
the previous certificate and replace it.

This allow to have the "[NOTICE] (1234) XXX is already up to date" message
with dry-run.
---

diff --git a/admin/cli/haproxy-dump-certs b/admin/cli/haproxy-dump-certs
index 593ee6072..59a507711 100755
--- a/admin/cli/haproxy-dump-certs
+++ b/admin/cli/haproxy-dump-certs
@@ -103,6 +103,11 @@ dump_certificate() {
 		return 0
 	fi
 
+	# dry run will just return before trying to move the files
+	if [ "${DRY_RUN}" != "0" ]; then
+		return 0
+	fi
+
 	# move the current certificates to ".old.timestamp"
 	if [ -f "${prev_crt}" ] && [ -f "${prev_key}" ]; then
 		mv "${prev_crt}" "${prev_crt}.${d}"
@@ -123,7 +128,7 @@ dump_all_certificates() {
 		export KEY_FILENAME
 
 		if read_certificate "$line"; then
-			[ "${DRY_RUN}" = "0" ] && dump_certificate "$NAME" "$CRT_FILENAME" "$KEY_FILENAME"
+			dump_certificate "$NAME" "$CRT_FILENAME" "$KEY_FILENAME"
 		else
 			echo "[WARNING] ($$) : can't dump \"$name\", crt/key filename details not found in \"show ssl cert\"" >&2
 		fi