diff --git a/doc/management.txt b/doc/management.txt index c3ecd3af0..12d378822 100644 --- a/doc/management.txt +++ b/doc/management.txt @@ -3572,14 +3572,15 @@ show ssl ca-file [[:]] Serial: 587A1CE5ED855040A0C82BF255FF300ADB7C8136 [...] -show ssl cert [] +show ssl cert [[*][\]] Display the list of certificates loaded into the process. They are not used by any frontend or backend until their status is "Used". If a filename is prefixed by an asterisk, it is a transaction which is not committed yet. If a filename is specified, it will show details about the certificate. This command can be useful to check if a certificate was well updated. You can also display details on a transaction by prefixing the - filename by an asterisk. + filename by a '*'. If the first character of the filename is a '*', it can be + escaped with '\*'. This command can also be used to display the details of a certificate's OCSP response by suffixing the filename with a ".ocsp" extension. It works for committed certificates as well as for ongoing transactions. On a committed @@ -3611,6 +3612,11 @@ show ssl cert [] Status: Unused [...] + $ echo "@1 show ssl cert \*.local.pem" | socat /var/run/haproxy.master - + Filename: *.local.pem + Status: Used + [...] + show ssl crl-file [[:]] Display the list of CRL files loaded into the process. They are not used by any frontend or backend until their status is "Used". diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c index 4b12f2565..869b4a2d1 100644 --- a/src/ssl_ckch.c +++ b/src/ssl_ckch.c @@ -2203,7 +2203,7 @@ static int cli_io_handler_show_cert_ocsp_detail(struct appctx *appctx) #endif } -/* parsing function for 'show ssl cert [certfile]' */ +/* parsing function for 'show ssl cert [[*][\]]' */ static int cli_parse_show_cert(char **args, char *payload, struct appctx *appctx, void *private) { struct show_cert_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx)); 
@@ -2232,17 +2232,27 @@ static int cli_parse_show_cert(char **args, char *payload, struct appctx *appctx } if (*args[3] == '*') { + char *filename = args[3]+1; + from_transaction = 1; if (!ckchs_transaction.new_ckchs) goto error; ckchs = ckchs_transaction.new_ckchs; - if (strcmp(args[3] + 1, ckchs->path) != 0) + if (filename[0] == '\\') + filename++; + + if (strcmp(filename, ckchs->path) != 0) goto error; } else { - if ((ckchs = ckchs_lookup(args[3])) == NULL) + char *filename = args[3]; + + if (filename[0] == '\\') + filename++; + + if ((ckchs = ckchs_lookup(filename)) == NULL) goto error; }
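Review bot: The new `if (filename[0] == '\\') filename++;` in both the transaction branch and the lookup branch strips a leading backslash regardless of what follows it, so a certificate whose path genuinely starts with a backslash (legal on Linux filesystems) can no longer be addressed, and the backslash itself has no escape of its own. The updated comment and the management.txt change only promise that a leading '*' may be escaped as '\*', so narrowing the check to that case would keep code and documentation in step: `if (filename[0] == '\\' && filename[1] == '*')` at both sites (reading `filename[1]` is safe because `filename[0]` is known to be non-NUL there). The same two-line unescape is now duplicated; a short `static` helper, or at least a one-line comment such as `/* '\*' escapes a literal leading '*' so wildcard cert names are not taken for a transaction */`, would make the intent clear at both places. cli_parse_show_cert begins and ends outside the hunk, so the check that args[3] is non-empty before this block is assumed rather than visible here.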