Re: [PATCH 4/4] MINOR: ssl: "show ssl cert" command should print the "Chain filename:"

2020-02-26 Thread William Lallemand
On Wed, Feb 26, 2020 at 11:15:00AM +0100, Emmanuel Hocdet wrote:
> Hi,
> 
> > On 18 Feb 2020 at 17:49, Emmanuel Hocdet wrote:
> >> 
> >> Yes. Showing the chain-filename would be very helpful.
> >> For that I think a good way would be to keep ckch->chain and ckch->issuer
> >> with value (or NULL) from PEM/, and resolve chain and ocsp_issuer
> >> when needed. « show ssl cert » will be able to find the origin of chain 
> >> (and ocsp_issuer)
> >> without storing a new state. The drawback(?) is that .issuer file will be 
> >> loaded, in every case, if present.
> >> 
> > 
> > 
> > Patch series to do that:
> > 
> > example:
> > Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> > Chain filename: /etc/haproxy/issuers/letsencryptEC.pem
> > 
> 
> Rebased with current dev branch.
> 

Thanks, applied.

I made a cosmetic change in the "show ssl cert" output, and also
reworded the commit message a little bit.

-- 
William Lallemand



Re: [PATCH 4/4] MINOR: ssl: "show ssl cert" command should print the "Chain filename:"

2020-02-26 Thread Emmanuel Hocdet
Hi,

> On 18 Feb 2020 at 17:49, Emmanuel Hocdet wrote:
>>
>> Yes. Showing the chain-filename would be very helpful.
>> For that I think a good way would be to keep ckch->chain and ckch->issuer
>> with value (or NULL) from PEM/, and resolve chain and ocsp_issuer
>> when needed. « show ssl cert » will be able to find the origin of chain
>> (and ocsp_issuer)
>> without storing a new state. The drawback(?) is that .issuer file will be
>> loaded, in every case, if present.
>
> Patch series to do that:
>
> example:
> Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> Chain filename: /etc/haproxy/issuers/letsencryptEC.pem

Rebased with current dev branch.

++
Manu

0001-MINOR-ssl-move-find-certificate-chain-code-to-its-ow.patch
Description: Binary data


0002-MINOR-ssl-resolve-issuers-chain-later.patch
Description: Binary data


0003-MINOR-ssl-resolve-ocsp_issuer-later.patch
Description: Binary data


0004-MINOR-ssl-show-ssl-cert-command-should-print-the-Cha.patch
Description: Binary data


[PATCH 4/4] MINOR: ssl: "show ssl cert" command should print the "Chain filename:"

2020-02-18 Thread Emmanuel Hocdet
Hi,

> On 18 Feb 2020 at 11:45, Emmanuel Hocdet wrote:
>>
>> I think we will probably need more information in the "show ssl cert"
>> output in the future so the users can debug this kind of feature easily.
>
> Yes. Showing the chain-filename would be very helpful.
> For that I think a good way would be to keep ckch->chain and ckch->issuer
> with value (or NULL) from PEM/, and resolve chain and ocsp_issuer
> when needed. « show ssl cert » will be able to find the origin of chain
> (and ocsp_issuer)
> without storing a new state. The drawback(?) is that .issuer file will be
> loaded, in every case, if present.

Patch series to do that:

example:
Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Chain filename: /etc/haproxy/issuers/letsencryptEC.pem

++
Manu

0001-MINOR-ssl-move-find-certificate-chain-code-to-its-ow.patch
Description: Binary data


0002-MINOR-ssl-resolve-issuers-chain-later.patch
Description: Binary data


0003-MINOR-ssl-resolve-ocsp_issuer-later.patch
Description: Binary data


0004-MINOR-ssl-show-ssl-cert-command-should-print-the-Cha.patch
Description: Binary data