Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / c69f02d0f08beeb67d3ddb9236c5efd55ea72813^! / . / doc / management.txt
commitc69f02d0f08beeb67d3ddb9236c5efd55ea72813[log] [tgz]
authorWilliam Lallemand <wlallemand@haproxy.com>Mon Apr 06 19:07:03 2020 +0200
committerWilliam Lallemand <wlallemand@haproxy.org>Mon Apr 06 19:33:33 2020 +0200
treef73b1feefa2e6b56cc28ebabee9633acaa69b568
parent0a9b9414f05ac55268edf0afaa054dfe2c2377d8 [diff] [blame]
MINOR: ssl/cli: replace dump/show ssl crt-list by '-n' option

The dump and show ssl crt-list commands does the same thing, they dump
the content of a crt-list, but the 'show' displays an ID in the first
column. Delete the 'dump' command so it is replaced by the 'show' one.
The old 'show' command is replaced by an '-n' option to dump the ID.
And the ID which was a pointer is replaced by a line number and placed
after colons in the filename.

Example:
  $ echo "show ssl crt-list -n kikyo.crt-list" | socat /tmp/sock1 -
  # kikyo.crt-list
  kikyo.pem.rsa:1 secure.domain.tld
  kikyo.pem.ecdsa:2 secure.domain.tld

diff --git a/doc/management.txt b/doc/management.txt
index 2aea4e0..43e3524 100644
--- a/doc/management.txt
+++ b/doc/management.txt

@@ -1595,18 +1595,6 @@
   This command is restricted and can only be issued on sockets configured for
   level "admin".
 
-dump ssl crt-list <filename>
-  Dump the content of a crt-list or a directory. Once dumped the output can be
-  used as a crt-list file.
-
-  Example:
-    echo "dump ssl crt-list localhost.crt-list" | socat /tmp/sock1 -
-    # localhost.crt-list
-    common.pem !not.test1.com *.test1.com !localhost
-    common.pem
-    ecdsa.pem [verify none allow-0rtt ssl-min-ver TLSv1.0 ssl-max-ver TLSv1.3] localhost !www.test1.com
-    ecdsa.pem [verify none allow-0rtt ssl-min-ver TLSv1.0 ssl-max-ver TLSv1.3]
-
 enable agent <backend>/<server>
   Resume auxiliary agent check that was temporarily stopped.
 
@@ -2582,20 +2570,22 @@
     Filename: *test.local.pem
     [...]
 
-show ssl crt-list [<filename>]
+show ssl crt-list [-n] [<filename>]
   Display the list of crt-list and directories used in the HAProxy
-  configuration. If a directory or a crt-list is specified, displays its
-  content. Does not use this command to dump your crt-list configuration as it
-  provides extra informations not compatible with the crt-list. To dump a
-  crt-list, use the "dump ssl crt-list" command instead.
+  configuration. If a filename is specified, dump the content of a crt-list or
+  a directory. Once dumped the output can be used as a crt-list file.
+  The '-n' option can be used to display the line number, which is useful when
+  combined with the 'del ssl crt-list' option when a entry is duplicated. The
+  output with the '-n' option is not compatible with the crt-list format and
+  not loadable by haproxy.
 
   Example:
-    echo "show ssl crt-list localhost.crt-list" | socat /tmp/sock1 -
+    echo "show ssl crt-list -n localhost.crt-list" | socat /tmp/sock1 -
     # localhost.crt-list
-    0x55db301c29a0 common.pem !not.test1.com *.test1.com !localhost
-    0x55db301f99e0 common.pem
-    0x7fb6f40220b0 ecdsa.pem [verify none allow-0rtt ssl-min-ver TLSv1.0 ssl-max-ver TLSv1.3] localhost !www.test1.com
-    0x55db30277070 ecdsa.pem [verify none allow-0rtt ssl-min-ver TLSv1.0 ssl-max-ver TLSv1.3]
+    common.pem:1 !not.test1.com *.test1.com !localhost
+    common.pem:2
+    ecdsa.pem:3 [verify none allow-0rtt ssl-min-ver TLSv1.0 ssl-max-ver TLSv1.3] localhost !www.test1.com
+    ecdsa.pem:4 [verify none allow-0rtt ssl-min-ver TLSv1.0 ssl-max-ver TLSv1.3]
 
 show resolvers [<resolvers section id>]
   Dump statistics for the given resolvers section, or all resolvers sections