From: Remi Tricot-Le Breton Date: Mon, 13 Mar 2023 14:56:35 +0000 (+0100) Subject: MINOR: ssl: Add certificate path to 'show ssl ocsp-response' output X-Git-Tag: v2.8-dev6~66 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7716f2773629cd21ee9413b47cb73f7adf69ecc0;p=thirdparty%2Fhaproxy.git MINOR: ssl: Add certificate path to 'show ssl ocsp-response' output The ocsp-related CLI commands tend to work with OCSP_CERTIDs as well as certificate paths so the path should also be added to the output of the "show ssl ocsp-response" command when no certid or path is provided. --- diff --git a/doc/management.txt b/doc/management.txt index 022348e67a..94451b524e 100644 --- a/doc/management.txt +++ b/doc/management.txt @@ -3434,8 +3434,9 @@ show ssl crt-list [-n] [] show ssl ocsp-response [[text|base64] ] Display the IDs of the OCSP tree entries corresponding to all the OCSP - responses used in HAProxy, as well as the issuer's name and key hash and the - serial number of the certificate for which the OCSP response was built. + responses used in HAProxy, as well as the corresponding frontend + certificate's path, the issuer's name and key hash and the serial number of + the certificate for which the OCSP response was built. If a valid or the of a valid frontend certificate is provided, display the contents of the corresponding OCSP response. When an is provided, it it possible to define the format in which the data is dumped. @@ -3449,6 +3450,7 @@ show ssl ocsp-response [[text|base64] ] $ echo "show ssl ocsp-response" | socat /var/run/haproxy.master - # Certificate IDs Certificate ID key : 303b300906052b0e03021a050004148a83e0060faff709ca7e9b95522a2e81635fda0a0414f652b0e435d5ea923851508f0adbe92d85de007a0202100a + Certificate path : /path_to_cert/foo.pem Certificate ID: Issuer Name Hash: 8A83E0060FAFF709CA7E9B95522A2E81635FDA0A Issuer Key Hash: F652B0E435D5EA923851508F0ADBE92D85DE007A 
diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c index 17d217e07b..20ae5c9d91 100644 --- a/src/ssl_ocsp.c +++ b/src/ssl_ocsp.c @@ -1582,6 +1582,9 @@ static int cli_io_handler_show_ocspresponse(struct appctx *appctx) } chunk_appendf(trash, "\n"); + /* Dump the certificate path */ + chunk_appendf(trash, "Certificate path : %s\n", ocsp->path); + p = ocsp->key_data; /* Decode the certificate ID (serialized into the key). */
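Review bot: In the doc/management.txt hunk at @@ -3434, the new sentence says the dump includes "the corresponding frontend certificate's path" but does not say that this is the same path the command accepts as its argument. The commit message gives that as the reason for the change, so the paragraph should state it: the displayed path can be passed back to "show ssl ocsp-response" to dump that entry. Since this paragraph is being reworded anyway, the "it it possible" typo in the trailing context line could be fixed in the same patch.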
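Review bot: In the doc/management.txt hunk at @@ -3449, the example now places "Certificate path :" between the "Certificate ID key :" line and the decoded "Certificate ID:" block, which changes the line layout of every entry in the dump. Anything that reads this output positionally instead of by label will be off by one line per entry. The commit message or the documentation should mention the new line so that operators who script against the master socket know to match on the label.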
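Review bot: In the src/ssl_ocsp.c hunk at @@ -1582, ocsp->path is handed to a %s conversion in chunk_appendf() with no check that it is set. Nothing in the visible lines guarantees that every entry in the OCSP tree has a path, and passing NULL to %s is undefined behaviour. Either guard the call (skip the line or print a fixed marker when ocsp->path is NULL) or extend the comment to say why the field can never be NULL here. The existing comment "Dump the certificate path" only restates the call and could carry that invariant instead.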