commit 2e7d1eb2a7dad61ee5661086005d3f85ee6ad6ba
author Remi Tricot-Le Breton <rlebreton@haproxy.com> Tue Jan 11 10:11:10 2022 +0100
committer William Lallemand <wlallemand@haproxy.org> Thu Feb 03 09:57:24 2022 +0100
tree f0cc99dc826014dddbe8e5556a1cdc4afbb9f540
parent bfa3236c6c3550eb3f53f3fb98738aaabe77c689

BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output

There were empty lines in the output of the CLI's "show ssl
ocsp-response <id>" command. The plain "show ssl ocsp-response" command
(without parameter) was already managed in commit
cc750efbc5c2180ed63b222a51029609ea96d0f7. This patch adds an extra space
to those lines so that the only existing empty lines actually mark the
end of the output. This requires to post-process the buffer filled by
OpenSSL's OCSP_RESPONSE_print function (which produces the output of the
"openssl ocsp -respin <ocsp.pem>" command). This way the output of our
command still looks the same as openssl's one.

Must be backported in 2.5.

src/ssl_sock.c

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 0b65d88..955d345 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -79,6 +79,7 @@
 #include <haproxy/vars.h>
 #include <haproxy/xprt_quic.h>
 #include <haproxy/xxhash.h>
+#include <haproxy/istbuf.h>
 
 
 /* ***** READ THIS before adding code here! *****
@@ -7432,9 +7433,43 @@
 	}
 
 	if (OCSP_RESPONSE_print(bio, resp, 0) != 0) {
-		write = BIO_read(bio, out->area, out->size - 1);
-		out->area[write] = '\0';
-		out->data = write;
+		struct buffer *trash = get_trash_chunk();
+		struct ist ist_block = IST_NULL;
+		struct ist ist_double_lf = IST_NULL;
+		static struct ist double_lf = IST("\n\n");
+
+		write = BIO_read(bio, trash->area, trash->size - 1);
+		trash->data = write;
+
+		/* Look for empty lines in the 'trash' buffer and add a space to
+		 * the beginning to avoid having empty lines in the output
+		 * (without changing the appearance of the information
+		 * displayed).
+		 */
+		ist_block = ist2(b_orig(trash), b_data(trash));
+
+		ist_double_lf = istist(ist_block, double_lf);
+
+		while (istlen(ist_double_lf)) {
+			/* istptr(ist_double_lf) points to the first \n of a
+			 * \n\n pattern.
+			 */
+			uint empty_line_offset = istptr(ist_double_lf) + 1 - istptr(ist_block);
+
+			/* Write up to the first '\n' of the "\n\n" pattern into
+			 * the output buffer.
+			 */
+			b_putblk(out, istptr(ist_block), empty_line_offset);
+			/* Add an extra space. */
+			b_putchr(out, ' ');
+
+			/* Keep looking for empty lines in the rest of the data. */
+			ist_block = istadv(ist_block, empty_line_offset);
+
+			ist_double_lf = istist(ist_block, double_lf);
+		}
+
+		b_istput(out, ist_block);
 	}
 
 	if (bio)