Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / a90e593a7aa644ff5f4f70f5df4efe1b2dd48cb7^! / .
commita90e593a7aa644ff5f4f70f5df4efe1b2dd48cb7[log] [tgz]
authorWilliam Lallemand <wlallemand@haproxy.com>Tue Feb 25 14:07:58 2020 +0100
committerWilliam Lallemand <wlallemand@haproxy.org>Tue Feb 25 14:17:50 2020 +0100
tree5090bb9199d9e87ff389483f256c401afca4d982
parentbb7288a9f50483ae75c7fcf560dc5f2c824b773b [diff]
MINOR: ssl/cli: reorder 'show ssl cert' output

Reorder the 'show ssl cert' output so it's easier to see if the whole
chain is correct.

For a chain to be correct, an "Issuer" line must have the same
content as the next "Subject" line.

Example:

  Subject: /C=FR/ST=Paris/O=HAProxy Test Certificate/CN=test.haproxy.local
  Issuer: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 2/CN=ca2.haproxy.local
  Chain Subject: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 2/CN=ca2.haproxy.local
  Chain Issuer: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 1/CN=ca1.haproxy.local
  Chain Subject: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 1/CN=ca1.haproxy.local
  Chain Issuer: /C=FR/ST=Paris/O=HAProxy Test Root CA/CN=root.haproxy.local

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 94fff9b..38b3097 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -10680,24 +10680,6 @@
 		BIO_free(bio);
 		chunk_appendf(out, "%s\n", tmp->area);
 
-
-		chunk_appendf(out, "Issuer: ");
-		if ((name = X509_get_issuer_name(ckchs->ckch->cert)) == NULL)
-			goto end;
-		if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
-			goto end;
-		*(tmp->area + tmp->data) = '\0';
-		chunk_appendf(out, "%s\n", tmp->area);
-
-		chunk_appendf(out, "Subject: ");
-		if ((name = X509_get_subject_name(ckchs->ckch->cert)) == NULL)
-			goto end;
-		if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
-			goto end;
-		*(tmp->area + tmp->data) = '\0';
-		chunk_appendf(out, "%s\n", tmp->area);
-
-
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 		chunk_appendf(out, "Subject Alternative Name: ");
 		if (ssl_sock_get_san_oneline(ckchs->ckch->cert, out) == -1)
@@ -10719,6 +10701,22 @@
 		dump_binary(out, tmp->area, tmp->data);
 		chunk_appendf(out, "\n");
 
+		chunk_appendf(out, "Subject: ");
+		if ((name = X509_get_subject_name(ckchs->ckch->cert)) == NULL)
+			goto end;
+		if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
+			goto end;
+		*(tmp->area + tmp->data) = '\0';
+		chunk_appendf(out, "%s\n", tmp->area);
+
+		chunk_appendf(out, "Issuer: ");
+		if ((name = X509_get_issuer_name(ckchs->ckch->cert)) == NULL)
+			goto end;
+		if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
+			goto end;
+		*(tmp->area + tmp->data) = '\0';
+		chunk_appendf(out, "%s\n", tmp->area);
+
 		/* Displays subject of each certificate in the chain */
 		for (i = 0; i < sk_X509_num(ckchs->ckch->chain); i++) {
 			X509 *ca = sk_X509_value(ckchs->ckch->chain, i);