MINOR: ssl: Add certificate path to 'show ssl ocsp-response' output
The ocsp-related CLI commands tend to work with OCSP_CERTIDs as well as
certificate paths so the path should also be added to the output of the
"show ssl ocsp-response" command when no certid or path is provided.
diff --git a/doc/management.txt b/doc/management.txt
index 022348e..94451b5 100644
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -3434,8 +3434,9 @@
show ssl ocsp-response [[text|base64] <id|path>]
Display the IDs of the OCSP tree entries corresponding to all the OCSP
- responses used in HAProxy, as well as the issuer's name and key hash and the
- serial number of the certificate for which the OCSP response was built.
+ responses used in HAProxy, as well as the corresponding frontend
+ certificate's path, the issuer's name and key hash and the serial number of
+ the certificate for which the OCSP response was built.
If a valid <id> or the <path> of a valid frontend certificate is provided,
display the contents of the corresponding OCSP response. When an <id> is
provided, it it possible to define the format in which the data is dumped.
@@ -3449,6 +3450,7 @@
$ echo "show ssl ocsp-response" | socat /var/run/haproxy.master -
# Certificate IDs
Certificate ID key : 303b300906052b0e03021a050004148a83e0060faff709ca7e9b95522a2e81635fda0a0414f652b0e435d5ea923851508f0adbe92d85de007a0202100a
+ Certificate path : /path_to_cert/foo.pem
Certificate ID:
Issuer Name Hash: 8A83E0060FAFF709CA7E9B95522A2E81635FDA0A
Issuer Key Hash: F652B0E435D5EA923851508F0ADBE92D85DE007A
diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index 17d217e..20ae5c9 100644
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -1582,6 +1582,9 @@
}
chunk_appendf(trash, "\n");
+ /* Dump the certificate path */
+ chunk_appendf(trash, "Certificate path : %s\n", ocsp->path);
+
p = ocsp->key_data;
/* Decode the certificate ID (serialized into the key). */