commit bb7288a9f50483ae75c7fcf560dc5f2c824b773b
author William Lallemand <wlallemand@haproxy.com> Tue Feb 25 14:04:33 2020 +0100
committer William Lallemand <wlallemand@haproxy.org> Tue Feb 25 14:17:44 2020 +0100
tree 7e132c25bab5d9d99915f968639965016090ba22
parent 35f4a9dd8cb78c32d77477a77785bd561a524425

MINOR: ssl/cli: 'show ssl cert'displays the issuer in the chain

For each certificate in the chain, displays the issuer, so it's easy to
know if the chain is right.

Also rename "Chain" to "Chain Subject".

Example:

  Chain Subject: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 2/CN=ca2.haproxy.local
  Chain Issuer: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 1/CN=ca1.haproxy.local
  Chain Subject: /C=FR/ST=Paris/O=HAProxy Test Intermediate CA 1/CN=ca1.haproxy.local
  Chain Issuer: /C=FR/ST=Paris/O=HAProxy Test Root CA/CN=root.haproxy.local

src/ssl_sock.c

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 222a206..94fff9b 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -10723,7 +10723,7 @@
 		for (i = 0; i < sk_X509_num(ckchs->ckch->chain); i++) {
 			X509 *ca = sk_X509_value(ckchs->ckch->chain, i);
 
-			chunk_appendf(out, "Chain: ");
+			chunk_appendf(out, "Chain Subject: ");
 			if ((name = X509_get_subject_name(ca)) == NULL)
 				goto end;
 			if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
@@ -10731,6 +10731,13 @@
 			*(tmp->area + tmp->data) = '\0';
 			chunk_appendf(out, "%s\n", tmp->area);
 
+			chunk_appendf(out, "Chain Issuer: ");
+			if ((name = X509_get_issuer_name(ca)) == NULL)
+				goto end;
+			if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
+				goto end;
+			*(tmp->area + tmp->data) = '\0';
+			chunk_appendf(out, "%s\n", tmp->area);
 		}
 	}