Hi,

On 18 Feb 2020 at 11:45, Emmanuel Hocdet <m...@gandi.net> wrote:

I think we will probably need more information in the "show ssl cert"
output in the future so the users can debug this kind of feature easily.


Yes. Showing the chain filename would be very helpful.
For that I think a good way would be to keep ckch->chain and ckch->issuer
with the value (or NULL) from PEM/<payload>, and resolve chain and ocsp_issuer
when needed. "show ssl cert" will be able to find the origin of the chain (and ocsp_issuer)
without storing a new state. The drawback(?) is that the .issuer file will be loaded, in every case, if present.


Patch series to do that:

example:
Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Chain filename: /etc/haproxy/issuers/letsencryptEC.pem

++
Manu

Attachment: 0001-MINOR-ssl-move-find-certificate-chain-code-to-its-ow.patch

Attachment: 0002-MINOR-ssl-resolve-issuers-chain-later.patch

Attachment: 0003-MINOR-ssl-resolve-ocsp_issuer-later.patch

Attachment: 0004-MINOR-ssl-show-ssl-cert-command-should-print-the-Cha.patch
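A small Python model of the resolution order the mail proposes (keep ckch->chain and ckch->issuer as loaded from the PEM or NULL, resolve the chain and ocsp_issuer on demand, and let "show ssl cert" report the origin). This is an added illustration, not HAProxy code or part of the attached patches; the CertKeyChain and IssuerEntry classes, the ISSUERS_STORE dictionary standing in for an issuers-chain-path directory, and all file paths other than /etc/haproxy/issuers/letsencryptEC.pem are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass
class CertKeyChain:
    """Hypothetical stand-in for the ckch fields discussed in the mail."""
    filename: str                  # the crt file the leaf was loaded from
    issuer_dn: str                 # issuer DN of the leaf certificate
    chain: Optional[str] = None    # chain found in the PEM itself, else None
    issuer: Optional[str] = None   # content of the .issuer file, else None

@dataclass
class IssuerEntry:
    filename: str
    pem: str

# Constructed stand-in for issuers-chain-path: subject DN of the first
# certificate in each file -> that file.
ISSUERS_STORE: Dict[str, IssuerEntry] = {
    "/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3":
        IssuerEntry("/etc/haproxy/issuers/letsencryptEC.pem", "<constructed PEM>"),
}

Origin = Tuple[str, Optional[str]]

def resolve_chain(ckch: CertKeyChain, store: Dict[str, IssuerEntry]) -> Origin:
    """Resolve the chain on demand without storing new state in ckch:
    the PEM's own chain wins, then a match in the issuers store by DN."""
    if ckch.chain is not None:
        return ("pem", ckch.filename)
    entry = store.get(ckch.issuer_dn)
    if entry is not None:
        return ("issuers-chain-path", entry.filename)
    return ("none", None)

def resolve_ocsp_issuer(ckch: CertKeyChain, store: Dict[str, IssuerEntry]) -> Origin:
    """The .issuer file is used whenever it exists (the drawback noted in
    the mail), otherwise the OCSP issuer comes from the resolved chain."""
    if ckch.issuer is not None:
        return ("issuer-file", ckch.filename + ".issuer")
    return resolve_chain(ckch, store)

def show_ssl_cert(ckch: CertKeyChain, store: Dict[str, IssuerEntry]) -> list:
    """Lines an extended 'show ssl cert' could print for this entry."""
    lines = [f"Filename: {ckch.filename}", f"Issuer: {ckch.issuer_dn}"]
    origin, fname = resolve_chain(ckch, store)
    if fname is not None:
        lines.append(f"Chain filename: {fname}")
    ocsp_origin, ocsp_file = resolve_ocsp_issuer(ckch, store)
    if ocsp_file is not None:
        lines.append(f"OCSP issuer filename: {ocsp_file}")
    return lines
```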

