On Wed, Feb 26, 2020 at 11:15:00AM +0100, Emmanuel Hocdet wrote: > Hi, > > > Le 18 févr. 2020 à 17:49, Emmanuel Hocdet <[email protected]> a écrit : > >> > >> Yes. Show the chain-filename would be very helpful. > >> For that i think a good way would be to keep ckch->chain and ckch->issuer > >> with value (or NULL) from PEM/<payload>, and resolve chain and ocsp_issuer > >> when needed. « show ssl cert » will be able to find the origin of chain > >> (and ocsp_issuer) > >> without store a new state. The drawback(?) is that .issuer file will be > >> loaded, in every case, if present. > >> > > > > > > Patch series to do that: > > > > example: > > Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > > Chain filename: /etc/haproxy/issuers/letsencryptEC.pem > > > > Rebased with current dev branch. >
Thanks, applied. I made a cosmetic change in the "show ssl cert" output, and also reworded the commit message a little bit. -- William Lallemand
