diff --git a/doc/management.txt b/doc/management.txt index 022348e67..94451b524 100644 --- a/doc/management.txt +++ b/doc/management.txt @@ -3434,8 +3434,9 @@ show ssl crt-list [-n] [] show ssl ocsp-response [[text|base64] ] Display the IDs of the OCSP tree entries corresponding to all the OCSP - responses used in HAProxy, as well as the issuer's name and key hash and the - serial number of the certificate for which the OCSP response was built. + responses used in HAProxy, as well as the corresponding frontend + certificate's path, the issuer's name and key hash and the serial number of + the certificate for which the OCSP response was built. If a valid or the of a valid frontend certificate is provided, display the contents of the corresponding OCSP response. When an is provided, it it possible to define the format in which the data is dumped. @@ -3449,6 +3450,7 @@ show ssl ocsp-response [[text|base64] ] $ echo "show ssl ocsp-response" | socat /var/run/haproxy.master - # Certificate IDs Certificate ID key : 303b300906052b0e03021a050004148a83e0060faff709ca7e9b95522a2e81635fda0a0414f652b0e435d5ea923851508f0adbe92d85de007a0202100a + Certificate path : /path_to_cert/foo.pem Certificate ID: Issuer Name Hash: 8A83E0060FAFF709CA7E9B95522A2E81635FDA0A Issuer Key Hash: F652B0E435D5EA923851508F0ADBE92D85DE007A diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c index 17d217e07..20ae5c9d9 100644 --- a/src/ssl_ocsp.c +++ b/src/ssl_ocsp.c @@ -1582,6 +1582,9 @@ static int cli_io_handler_show_ocspresponse(struct appctx *appctx) } chunk_appendf(trash, "\n"); + /* Dump the certificate path */ + chunk_appendf(trash, "Certificate path : %s\n", ocsp->path); + p = ocsp->key_data; /* Decode the certificate ID (serialized into the key). */
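Review bot: In the added `chunk_appendf(trash, "Certificate path : %s\n", ocsp->path);` in cli_io_handler_show_ocspresponse, `ocsp->path` is passed to `%s` without a NULL check, and nothing in the hunk shows that every OCSP tree entry has a path set. If an entry can exist without one (for example after a failed allocation when the entry was created, which is not visible here), passing NULL to `%s` is undefined behaviour; `chunk_appendf(trash, "Certificate path : %s\n", ocsp->path ? ocsp->path : "(unknown)");` would avoid that. The line also makes the CLI expose on-disk certificate locations, so it is worth confirming which access level `show ssl ocsp-response` requires and that a path containing control characters cannot break the line-oriented output. The function body starts and ends outside the hunk.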