MINOR: ssl: change issuers-chain for show_cert_detail()

Since data->chain is now completed when loading the files, we don't need
to use ssl_get0_issuer_chain() anywhere else in the code.

data->chain will always be completed once the files are loaded, but we
can't know from show_cert_detail() from what chain file it was completed.
That's why the extra_chain pointer was added to dump the chain file.
William Lallemand 2024-07-17 11:37:04 +02:00
parent 344c3ce8fc
commit ae8c3f7f77


@ -1742,7 +1742,7 @@ void ckch_inst_add_cafile_link(struct ckch_inst *ckch_inst, struct bind_conf *bi
static int show_cert_detail(X509 *cert, STACK_OF(X509) *chain, struct buffer *out)
static int show_cert_detail(X509 *cert, STACK_OF(X509) *chain, struct issuer_chain *extra_chain, struct buffer *out)
{
BIO *bio = NULL;
struct buffer *tmp = alloc_trash_chunk();
@ -1757,15 +1757,11 @@ static int show_cert_detail(X509 *cert, STACK_OF(X509) *chain, struct buffer *ou
if (!cert)
goto end;
if (chain == NULL) {
struct issuer_chain *issuer;
issuer = ssl_get0_issuer_chain(cert);
if (issuer) {
chain = issuer->chain;
chunk_appendf(out, "Chain Filename: ");
chunk_appendf(out, "%s\n", issuer->path);
}
if (extra_chain) {
chunk_appendf(out, "Chain Filename: ");
chunk_appendf(out, "%s\n", extra_chain->path);
}
chunk_appendf(out, "Serial: ");
if (ssl_sock_get_serial(cert, tmp) == -1)
goto end;
@ -1915,7 +1911,7 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
else
chunk_appendf(out, "Used\n");
retval = show_cert_detail(ckchs->data->cert, ckchs->data->chain, out);
retval = show_cert_detail(ckchs->data->cert, ckchs->data->chain, ckchs->data->extra_chain, out);
if (retval < 0)
goto end_no_putchk;
else if (retval)
@ -3167,7 +3163,7 @@ static int cli_io_handler_show_cafile_detail(struct appctx *appctx)
/* file starts at line 1 */
chunk_appendf(out, " \nCertificate #%d:\n", i+1);
retval = show_cert_detail(cert, NULL, out);
retval = show_cert_detail(cert, NULL, NULL, out);
if (retval < 0)
goto end_no_putchk;
else if (retval)
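Review bot: In the second hunk of show_cert_detail(), the "Chain Filename" line is now printed from `extra_chain->path` whenever `extra_chain` is non-NULL, and nothing in the function ties that pointer to the `chain` argument it is reported alongside. The operator-facing output is therefore only as trustworthy as the loader's invariant, so I would state it in the function comment, e.g. `/* <extra_chain> is only used to report the issuers-chain file that completed <chain>; it must be NULL when the chain came from the certificate file itself */`. The pointer is also borrowed from `ckchs->data`; whether an issuers-chain entry can be released while `ckchs->data->extra_chain` still references it is not visible on this page and is worth confirming. As a style point, the two appends can be one call: `chunk_appendf(out, "Chain Filename: %s\n", extra_chain->path);`. The body of show_cert_detail() starts and ends outside the hunks shown.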