From: William Lallemand <wlallemand@haproxy.com>
Date: Tue, 25 Feb 2020 13:04:33 +0000 (+0100)
Subject: MINOR: ssl/cli: 'show ssl cert'displays the issuer in the chain
X-Git-Tag: v2.2-dev3~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb7288a9f50483ae75c7fcf560dc5f2c824b773b;p=thirdparty%2Fhaproxy.git

MINOR: ssl/cli: 'show ssl cert'displays the issuer in the chain

For each certificate in the chain, displays the issuer, so it's easy to
know if the chain is right.

Also rename "Chain" to "Chain Subject".

Example:

  Chain Subject: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 2/CN=ca2.haproxy.local
  Chain Issuer: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 1/CN=ca1.haproxy.local
  Chain Subject: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 1/CN=ca1.haproxy.local
  Chain Issuer: /C=FR/ST=Paris/O=HAProxy Test Root CA/CN=root.haproxy.local
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 222a206882..94fff9b0ff 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -10723,7 +10723,7 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
 		for (i = 0; i < sk_X509_num(ckchs->ckch->chain); i++) {
 			X509 *ca = sk_X509_value(ckchs->ckch->chain, i);
 
-			chunk_appendf(out, "Chain: ");
+			chunk_appendf(out, "Chain Subject: ");
 			if ((name = X509_get_subject_name(ca)) == NULL)
 				goto end;
 			if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
@@ -10731,6 +10731,13 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
 			*(tmp->area + tmp->data) = '\0';
 			chunk_appendf(out, "%s\n", tmp->area);
 
+			chunk_appendf(out, "Chain Issuer: ");
+			if ((name = X509_get_issuer_name(ca)) == NULL)
+				goto end;
+			if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
+				goto end;
+			*(tmp->area + tmp->data) = '\0';
+			chunk_appendf(out, "%s\n", tmp->area);
 		}
 	}