Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

writeout: add %{certs} and %{num_certs} #10019

Closed
wants to merge 3 commits into from
Closed

writeout: add %{certs} and %{num_certs} #10019

wants to merge 3 commits into from

Conversation

bagder
Copy link
Member

@bagder bagder commented Dec 2, 2022
edited

Let's users get the server certificate chain using the command line

Demo

$ curl -w '%{certs}\n' https://curl.se/ -s -o /dev/null

Subject:CN = curl.se
Issuer:C = US, O = Let's Encrypt, CN = R3
Version:2
Serial Number:03439cffb072ac0cf6e9e08c4cf8b12fca6a
Signature Algorithm:sha256WithRSAEncryption
Public Key Algorithm:rsaEncryption
X509v3 Key Usage:Digital Signature, Key Encipherment
X509v3 Extended Key Usage:TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints:CA:FALSE
X509v3 Subject Key Identifier:C4:48:F1:37:C4:89:B0:28:7E:1F:82:23:B0:F8:4C:D0:D5:A0:50:4D
X509v3 Authority Key Identifier:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:DNS:curl.se
X509v3 Certificate Policies:Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
  CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:Signed Certificate Timestamp:
    Version   : v1 (0x0)
    Log ID    : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
                16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
    Timestamp : Oct 25 12:46:57.620 2022 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:45:02:20:30:C9:F1:7F:CF:AD:57:D0:33:EE:36:61:
                A8:80:44:8E:4B:6E:B2:B6:21:7E:EF:5A:FC:7E:8E:7D:
                4B:8B:9C:E8:02:21:00:EF:63:B4:2F:82:AD:56:24:37:
                9E:9D:AC:21:DF:6D:15:86:98:6D:15:25:69:84:CC:FD:
                2B:93:EE:12:A1:D5:19
Signed Certificate Timestamp:
    Version   : v1 (0x0)
    Log ID    : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
                03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
    Timestamp : Oct 25 12:46:57.583 2022 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:45:02:21:00:A3:3E:B8:B1:3E:37:01:A8:52:8C:A2:
                90:B1:E5:2C:8E:61:1C:57:33:35:BC:50:C5:2B:71:12:
                0A:E1:1C:11:C0:02:20:6B:0E:BC:ED:00:54:99:DD:76:
                2B:52:0E:C2:D3:61:B3:46:3F:A7:E5:46:AA:4E:24:F2:
                4D:CE:29:80:21:2C:4C
Start date:Oct 25 11:46:57 2022 GMT
Expire date:Jan 23 11:46:56 2023 GMT
RSA Public Key:2048
rsa(n):BFE9C1B639787FB6C6A14D3071E5D723E17B870E9268BF10B01052C7644CE2E75F5C6F71220FE842628EE866AD7AFFD9B3390E52FE90225D9F37578162B565C8AE2163FEFA237D719F6F06F665A9E5C952158FD29496A8E5CBD980B1D3004C03CD5E5A2D7FE33D2D23A0CEE97536366778ED564191F995843E35AD4C9D88C3BAE41ECF2609679A7BD72C0EE87CF76B5B0846EA019F7A9E83499B884D0FF0C2A8816CC551BFE730653C1540B3E12ACFCF9735FB1748926BC4277929F3D24035C850A1AC86BE5A46468A13BB6EE5C0334719ABFD3C788F12357FF8A663066378D66B51438A30014211334FE19DD46C18DA51B97E70443D7E9724D41CED860FA49D
rsa(e):10001
Signature:11:93:bc:69:98:ad:ba:64:5c:8b:48:42:a4:03:c0:48:51:ba:d3:67:65:57:4c:5e:28:50:f1:a1:5d:5f:fc:72:b0:cc:56:ac:83:9a:6a:6c:57:b0:71:50:1a:92:22:ca:b9:5f:82:7c:73:45:a8:92:44:da:de:40:64:13:9d:bc:6e:42:3c:12:96:d2:b3:fa:fb:59:43:93:e5:ec:3c:24:93:d5:82:f4:28:49:f6:02:00:8e:9b:68:3f:a1:c3:e7:49:a9:f9:81:75:b9:f0:e3:06:86:dc:ba:06:b7:d5:d8:a2:14:5c:0d:88:13:a9:d6:8d:d3:e5:1c:50:d0:ce:d3:57:67:a6:f7:7c:b5:fa:da:cc:f4:2e:74:3a:12:e5:78:94:fd:72:83:25:32:8e:c7:5f:b8:0f:f1:d3:63:d2:2f:61:f1:65:85:50:5a:dd:2f:5f:65:c4:2a:11:11:12:cc:63:d7:78:6f:18:d0:bf:70:fa:f1:e1:db:02:a4:fb:da:e5:e1:13:6b:5e:cc:34:1c:46:f0:d8:f3:71:6d:b0:91:29:9c:84:2b:39:57:98:a9:9f:2e:fd:be:9c:18:ad:5c:e4:98:80:86:cb:3d:bf:e5:4f:63:2a:00:0f:eb:89:ac:af:c7:d3:8c:42:fb:62:e7:82:73:3a:2a:7e:c7:a6:9f:
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISA0Oc/7ByrAz26eCMTPixL8pqMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjEwMjUxMTQ2NTdaFw0yMzAxMjMxMTQ2NTZaMBIxEDAOBgNVBAMT
B2N1cmwuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/6cG2OXh/
tsahTTBx5dcj4XuHDpJovxCwEFLHZEzi519cb3EiD+hCYo7oZq16/9mzOQ5S/pAi
XZ83V4FitWXIriFj/vojfXGfbwb2ZanlyVIVj9KUlqjly9mAsdMATAPNXlotf+M9
LSOgzul1NjZneO1WQZH5lYQ+Na1MnYjDuuQezyYJZ5p71ywO6Hz3a1sIRuoBn3qe
g0mbiE0P8MKogWzFUb/nMGU8FUCz4SrPz5c1+xdIkmvEJ3kp89JANchQoayGvlpG
RooTu27lwDNHGav9PHiPEjV/+KZjBmN41mtRQ4owAUIRM0/hndRsGNpRuX5wRD1+
lyTUHO2GD6SdAgMBAAGjggJCMIICPjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMRI
8TfEibAofh+CI7D4TNDVoFBNMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52L
FMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVu
Y3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMBIGA1Ud
EQQLMAmCB2N1cmwuc2UwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMB
AQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEE
BgorBgEEAdZ5AgQCBIH1BIHyAPAAdgB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9Ir
wTpXo1LrUgAAAYQPLoRUAAAEAwBHMEUCIDDJ8X/PrVfQM+42YaiARI5LbrK2IX7v
Wvx+jn1Li5zoAiEA72O0L4KtViQ3np2sId9tFYaYbRUlaYTM/SuT7hKh1RkAdgDo
PtDaPvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAYQPLoQvAAAEAwBHMEUC
IQCjPrixPjcBqFKMopCx5SyOYRxXMzW8UMUrcRIK4RwRwAIgaw687QBUmd12K1IO
wtNhs0Y/p+VGqk4k8k3OKYAhLEwwDQYJKoZIhvcNAQELBQADggEBABGTvGmYrbpk
XItIQqQDwEhRutNnZVdMXihQ8aFdX/xysMxWrIOaamxXsHFQGpIiyrlfgnxzRaiS
RNreQGQTnbxuQjwSltKz+vtZQ5Pl7Dwkk9WC9ChJ9gIAjptoP6HD50mp+YF1ufDj
Bobcuga31diiFFwNiBOp1o3T5RxQ0M7TV2em93y1+trM9C50OhLleJT9coMlMo7H
X7gP8dNj0i9h8WWFUFrdL19lxCoRERLMY9d4bxjQv3D68eHbAqT72uXhE2tezDQc
RvDY83FtsJEpnIQrOVeYqZ8u/b6cGK1c5JiAhss9v+VPYyoAD+uJrK/H04xC+2Ln
gnM6Kn7Hpp8=
-----END CERTIFICATE-----
Subject:C = US, O = Let's Encrypt, CN = R3
Issuer:C = US, O = Internet Security Research Group, CN = ISRG Root X1
Version:2
Serial Number:912b084acf0c18a753f6d62e25a75f5a
Signature Algorithm:sha256WithRSAEncryption
Public Key Algorithm:rsaEncryption
X509v3 Key Usage:Digital Signature, Certificate Sign, CRL Sign
X509v3 Extended Key Usage:TLS Web Client Authentication, TLS Web Server Authentication
X509v3 Basic Constraints:CA:TRUE, pathlen:0
X509v3 Subject Key Identifier:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
X509v3 Authority Key Identifier:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E
Authority Information Access:CA Issuers - URI:http://x1.i.lencr.org/
X509v3 CRL Distribution Points:Full Name:
  URI:http://x1.c.lencr.org/
X509v3 Certificate Policies:Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
Start date:Sep  4 00:00:00 2020 GMT
Expire date:Sep 15 16:00:00 2025 GMT
RSA Public Key:2048
rsa(n):BB021528CCF6A094D30F12EC8D5592C3F882F199A67A4288A75D26AAB52BB9C54CB1AF8E6BF975C8A3D70F4794145535578C9EA8A23919F5823C42A94E6EF53BC32EDB8DC0B05CF35938E7EDCF69F05A0B1BBEC094242587FA3771B313E71CACE19BEFDBE43B45524596A9C153CE34C852EEB5AEED8FDE6070E2A554ABB66D0E97A540346B2BD3BC66EB66347CFA6B8B8F572999F830175DBA726FFB81C5ADD286583D17C7E709BBF12BF786DCC1DA715DD446E3CCAD25C188BC60677566B3F118F7A25CE653FF3A88B647A5FF1318EA9809773F9D53F9CF01E5F5A6701714AF63A4FF99B3939DDC53A706FE48851DA169AE2575BB13CC5203F5ED51A18BDB15
rsa(e):10001
Signature:85:ca:4e:47:3e:a3:f7:85:44:85:bc:d5:67:78:b2:98:63:ad:75:4d:1e:96:3d:33:65:72:54:2d:81:a0:ea:c3:ed:f8:20:bf:5f:cc:b7:70:00:b7:6e:3b:f6:5e:94:de:e4:20:9f:a6:ef:8b:b2:03:e7:a2:b5:16:3c:91:ce:b4:ed:39:02:e7:7c:25:8a:47:e6:65:6e:3f:46:f4:d9:f0:ce:94:2b:ee:54:ce:12:bc:8c:27:4b:b8:c1:98:2f:a2:af:cd:71:91:4a:08:b7:c8:b8:23:7b:04:2d:08:f9:08:57:3e:83:d9:04:33:0a:47:21:78:09:82:27:c3:2a:c8:9b:b9:ce:5c:f2:64:c8:c0:be:79:c0:4f:8e:6d:44:0c:5e:92:bb:2e:f7:8b:10:e1:e8:1d:44:29:db:59:20:ed:63:b9:21:f8:12:26:94:93:57:a0:1d:65:04:c1:0a:22:ae:10:0d:43:97:a1:18:1f:7e:e0:e0:86:37:b5:5a:b1:bd:30:bf:87:6e:2b:2a:ff:21:4e:1b:05:c3:f5:18:97:f0:5e:ac:c3:a5:b8:6a:f0:2e:bc:3b:33:b9:ee:4b:de:cc:fc:e4:af:84:0b:86:3f:c0:55:43:36:f6:68:e1:36:17:6a:8e:99:d1:ff:a5:40:a7:34:b7:c0:d0:63:39:35:39:75:6e:f2:ba:76:c8:93:02:e9:a9:4b:6c:17:ce:0c:02:d9:bd:81:fb:9f:b7:68:d4:06:65:b3:82:3d:77:53:f8:8e:79:03:ad:0a:31:07:75:2a:43:d8:55:97:72:c4:29:0e:f7:c4:5d:4e:c8:ae:46:84:30:d7:f2:85:5f:18:a1:79:bb:e7:5e:70:8b:07:e1:86:93:c3:b9:8f:dc:61:71:25:2a:af:df:ed:25:50:52:68:8b:92:dc:e5:d6:b5:e3:da:7d:d0:87:6c:84:21:31:ae:82:f5:fb:b9:ab:c8:89:17:3d:e1:4c:e5:38:0e:f6:bd:2b:bd:96:81:14:eb:d5:db:3d:20:a7:7e:59:d3:e2:f8:58:f9:5b:b8:48:cd:fe:5c:4f:16:29:fe:1e:55:23:af:c8:11:b0:8d:ea:7c:93:90:17:2f:fd:ac:a2:09:47:46:3f:f0:e9:b0:b7:ff:28:4d:68:32:d6:67:5e:1e:69:a3:93:b8:f5:9d:8b:2f:0b:d2:52:43:a6:6f:32:57:65:4d:32:81:df:38:53:85:5d:7e:5d:66:29:ea:b8:dd:e4:95:b5:cd:b5:56:12:42:cd:c4:4e:c6:25:38:44:50:6d:ec:ce:00:55:18:fe:e9:49:64:d4:4e:ca:97:9c:b4:5b:c0:73:a8:ab:b8:47:c2:
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
Subject:C = US, O = Internet Security Research Group, CN = ISRG Root X1
Issuer:O = Digital Signature Trust Co., CN = DST Root CA X3
Version:2
Serial Number:4001772137d4e942b8ee76aa3c640ab7
Signature Algorithm:sha256WithRSAEncryption
Public Key Algorithm:rsaEncryption
X509v3 Basic Constraints:CA:TRUE
X509v3 Key Usage:Certificate Sign, CRL Sign
Authority Information Access:CA Issuers - URI:http://apps.identrust.com/roots/dstrootcax3.p7c
X509v3 Authority Key Identifier:C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10
X509v3 Certificate Policies:Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
  CPS: http://cps.root-x1.letsencrypt.org
X509v3 CRL Distribution Points:Full Name:
  URI:http://crl.identrust.com/DSTROOTCAX3CRL.crl
X509v3 Subject Key Identifier:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E
Start date:Jan 20 19:14:03 2021 GMT
Expire date:Sep 30 18:14:03 2024 GMT
RSA Public Key:4096
rsa(n):ADE82473F41437F39B9E2B57281C87BEDCB7DF38908C6E3CE657A078F775C2A2FEF56A6EF6004F28DBDE68866C4493B6B163FD14126BBF1FD2EA319B217ED1333CBA48F5DD79DFB3B8FF12F1219A4BC18A8671694A66666C8F7E3C70BFAD292206F3E4C0E680AEE24B8FB7997E94039FD347977C99482353E838AE4F0A6F832ED149578C8074B6DA2FD0388D7B0370211B75F2303CFA8FAEDDDA63ABEB164FC28E114B7ECF0BE8FFB5772EF4B27B4AE04C12250C708D0329A0E15324EC13D9EE19BF10B34A8C3F89A36151DEAC870794F46371EC2EE26F5B9881E1895C34796C76EF3B906279E6DBA49A2F26C5D010E10EDED9108E16FBB7F7A8F7C7E50207988F360895E7E237960D36759EFB0E72B11D9BBC03F94905D881DD05B42AD641E9AC0176950A0FD8DFD5BD121F352F28176CD298C1A80964776E4737BACEAC595E689D7F72D689C50641293E593EDD26F524C911A75AA34C401F46A199B5A73A516E863B9E7D72A712057859ED3E5178150B038F8DD02F05B23E7B4A1C4B730512FCC6EAE050137C439374B3CA74E78E1F0108D030D45B7136B407BAC130305C48B7823B98A67D608AA2A32982CCBABD83041BA2830341A1D605F11BC2B6F0A87C863B46A8482A88DC769A76BF1F6AA53D198FEB38F364DEC82B0D0A28FFF7DBE21542D422D0275DE179FE18E77088AD4EE6D98B3AC6DD27516EFFBC64F533434F
rsa(e):10001
Signature:0a:73:00:6c:96:6e:ff:0e:52:d0:ae:dd:8c:e7:5a:06:ad:2f:a8:e3:8f:bf:c9:0a:03:15:50:c2:e5:6c:42:bb:6f:9b:f4:b4:4f:c2:44:88:08:75:cc:eb:07:9b:14:62:6e:78:de:ec:27:ba:39:5c:f5:a2:a1:6e:56:94:70:10:53:b1:bb:e4:af:d0:a2:c3:2b:01:d4:96:f4:c5:20:35:33:f9:d8:61:36:e0:71:8d:b4:b8:b5:aa:82:45:95:c0:f2:a9:23:28:e7:d6:a1:cb:67:08:da:a0:43:2c:aa:1b:93:1f:c9:de:f5:ab:69:5d:13:f5:5b:86:58:22:ca:4d:55:e4:70:67:6d:c2:57:c5:46:39:41:cf:8a:58:83:58:6d:99:fe:57:e8:36:0e:f0:0e:23:aa:fd:88:97:d0:e3:5c:0e:94:49:b5:b5:17:35:d2:2e:bf:4e:85:ef:18:e0:85:92:eb:06:3b:6c:29:23:09:60:dc:45:02:4c:12:18:3b:e9:fb:0e:de:dc:44:f8:58:98:ae:ea:bd:45:45:a1:88:5d:66:ca:fe:10:e9:6f:82:c8:11:42:0d:fb:e9:ec:e3:86:00:de:9d:10:e3:38:fa:a4:7d:b1:d8:e8:49:82:84:06:9b:2b:e8:6b:4f:01:0c:38:77:2e:f9:dd:e7:39:
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----

@bagder
Copy link
Member Author

bagder commented Dec 8, 2022

I have also verified that saving this output for a self-sign host in a file works fine to use with --cacerts in a subsequent invoke

@bagder bagder marked this pull request as ready for review December 8, 2022 13:51
emilengler
emilengler reviewed Dec 13, 2022
View changes
Copy link
Contributor

@emilengler emilengler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would add at least one new test containing one certificate, because with the current approach, only a fraction of this code gets tested, as several branches are not even entered due to the lack of certificates.

src/tool_writeout.c Show resolved Hide resolved
bagder added a commit that referenced this pull request Dec 26, 2022
@bagder
writeout: add %{certs} and %{num_certs}
d5cdd7f 
Let users get the server certificate chain using the command line

Closes #10019
bagder added a commit that referenced this pull request Dec 27, 2022
@bagder
writeout: add %{certs} and %{num_certs}
c4d64e0 
Let users get the server certificate chain using the command line

Closes #10019
@bagder
writeout: add %{certs} and %{num_certs}
b1b8e79 
Let users get the server certificate chain using the command line

Closes #10019
@bagder
test417: verify %{certs} output
4af631d
@bagder
runtests: make 'mbedtls' a testable feature
fd4415a 
Also add to FILEFORMAT.md
@bagder bagder closed this in c6aa19c Dec 27, 2022
@bagder bagder deleted the bagder/certs branch December 27, 2022 21:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emilengler emilengler

Assignees
No one assigned
Labels
cmdline tool TLS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@bagder @emilengler