MINOR: ssl/cli: "show ssl cert" command should print the "Chain Filename:"
When the issuers chain of a certificate is picked from
the "issuers-chain-path" tree, "ssl show cert" prints it.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 14066d7..80356aa 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -10635,6 +10635,7 @@
struct buffer *out = alloc_trash_chunk();
struct buffer *tmp = alloc_trash_chunk();
X509_NAME *name = NULL;
+ STACK_OF(X509) *chain;
unsigned int len = 0;
int write = -1;
BIO *bio = NULL;
@@ -10648,6 +10649,17 @@
if (ckchs == ckchs_transaction.new_ckchs)
chunk_appendf(out, "*");
chunk_appendf(out, "%s\n", ckchs->path);
+
+ chain = ckchs->ckch->chain;
+ if (chain == NULL) {
+ struct issuer_chain *issuer;
+ issuer = ssl_get_issuer_chain(ckchs->ckch->cert);
+ if (issuer) {
+ chain = issuer->chain;
+ chunk_appendf(out, "Chain Filename: ");
+ chunk_appendf(out, "%s\n", issuer->path);
+ }
+ }
chunk_appendf(out, "Serial: ");
if (ssl_sock_get_serial(ckchs->ckch->cert, tmp) == -1)
goto end;
@@ -10715,8 +10727,8 @@
chunk_appendf(out, "%s\n", tmp->area);
/* Displays subject of each certificate in the chain */
- for (i = 0; i < sk_X509_num(ckchs->ckch->chain); i++) {
- X509 *ca = sk_X509_value(ckchs->ckch->chain, i);
+ for (i = 0; i < sk_X509_num(chain); i++) {
+ X509 *ca = sk_X509_value(chain, i);
chunk_appendf(out, "Chain Subject: ");
if ((name = X509_get_subject_name(ca)) == NULL)