From 6aa236e964761c2ff18e4a3cb169478f90dda42a Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Thu, 20 Nov 2025 16:42:41 +0100 Subject: [PATCH] ADMIN: dump-certs: let dry-run compare certificates Let the --dry-run mode connect to the socket and compare the certificates. It would exits the process just before trying to move the previous certificate and replace it. This allow to have the "[NOTICE] (1234) XXX is already up to date" message with dry-run. --- admin/cli/haproxy-dump-certs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/admin/cli/haproxy-dump-certs b/admin/cli/haproxy-dump-certs index 593ee6072..59a507711 100755 --- a/admin/cli/haproxy-dump-certs +++ b/admin/cli/haproxy-dump-certs @@ -103,6 +103,11 @@ dump_certificate() { return 0 fi + # dry run will just return before trying to move the files + if [ "${DRY_RUN}" != "0" ]; then + return 0 + fi + # move the current certificates to ".old.timestamp" if [ -f "${prev_crt}" ] && [ -f "${prev_key}" ]; then mv "${prev_crt}" "${prev_crt}.${d}" @@ -123,7 +128,7 @@ dump_all_certificates() { export KEY_FILENAME if read_certificate "$line"; then - [ "${DRY_RUN}" = "0" ] && dump_certificate "$NAME" "$CRT_FILENAME" "$KEY_FILENAME" + dump_certificate "$NAME" "$CRT_FILENAME" "$KEY_FILENAME" else echo "[WARNING] ($$) : can't dump \"$name\", crt/key filename details not found in \"show ssl cert\"" >&2 fi
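Review bot: The new dry-run branch in dump_certificate() returns 0 without printing anything, so when the certificates differ a --dry-run run reports nothing about which files would have been replaced. Its exit status is also the same as the `return 0` just above it, which is presumably the "already up to date" case, so a caller cannot tell the two outcomes apart. A notice before the return would make the mode usable for auditing, for example `echo "[NOTICE] ($$) : dry-run: \"${prev_crt}\" and \"${prev_key}\" would be replaced"`. The start of dump_certificate() is outside the hunk, so if an earlier message already covers this case, a short comment saying so would be enough.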
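Review bot: With the caller-side `[ "${DRY_RUN}" = "0" ] &&` guard removed in dump_all_certificates(), the only thing keeping --dry-run from changing state is the position of the new check inside dump_certificate(), and everything that function does before the check now runs in dry-run as well. That part is outside the hunk; if it writes the fetched certificate and private key to temporary files for the comparison, the dry-run return should remove them or rely on an existing cleanup path, so key material is not left on disk by a mode operators expect not to write. A comment at the call site, such as `# dump_certificate checks DRY_RUN itself: it compares, then returns before replacing any file`, would keep a later edit from adding writes above the guard. Separately, the warning on the else branch prints `$name` while the call passes `$NAME`; it is worth confirming that the lowercase variable is the intended one.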