From bb7288a9f50483ae75c7fcf560dc5f2c824b773b Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Tue, 25 Feb 2020 14:04:33 +0100 Subject: [PATCH] MINOR: ssl/cli: 'show ssl cert'displays the issuer in the chain For each certificate in the chain, displays the issuer, so it's easy to know if the chain is right. Also rename "Chain" to "Chain Subject". Example: Chain Subject: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 2/CN=ca2.haproxy.local Chain Issuer: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 1/CN=ca1.haproxy.local Chain Subject: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 1/CN=ca1.haproxy.local Chain Issuer: /C=FR/ST=Paris/O=HAProxy Test Root CA/CN=root.haproxy.local --- src/ssl_sock.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 222a206..94fff9b 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -10723,7 +10723,7 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx) for (i = 0; i < sk_X509_num(ckchs->ckch->chain); i++) { X509 *ca = sk_X509_value(ckchs->ckch->chain, i); - chunk_appendf(out, "Chain: "); + chunk_appendf(out, "Chain Subject: "); if ((name = X509_get_subject_name(ca)) == NULL) goto end; if ((ssl_sock_get_dn_oneline(name, tmp)) == -1) @@ -10731,6 +10731,13 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx) *(tmp->area + tmp->data) = '\0'; chunk_appendf(out, "%s\n", tmp->area); + chunk_appendf(out, "Chain Issuer: "); + if ((name = X509_get_issuer_name(ca)) == NULL) + goto end; + if ((ssl_sock_get_dn_oneline(name, tmp)) == -1) + goto end; + *(tmp->area + tmp->data) = '\0'; + chunk_appendf(out, "%s\n", tmp->area); } } -- 1.7.10.4