feat: add tls information into info command output

Signed-off-by: Ben G <[email protected]>

Author: BenjaminGoehry

src/facade/dragonfly_listener.cc

@@ -133,6 +133,33 @@ void OverriddenSSLFree(void* addr, const char* file, int line) {
   mi_free(addr);
 }
 
+TLSCertificateInfo GetCertInfoFromCtx(const SSL_CTX* ctx) {
+  TLSCertificateInfo info;
+
+  X509* cert = SSL_CTX_get0_certificate(ctx);
+  if (!cert) {
+    info.commonName = "none";
+    info.issueDate = 0;
+    info.expirationDate = 0;
+    return info;
+  }
+
+  X509_NAME* subject = X509_get_subject_name(cert);
+  int loc = X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
+  if (loc >= 0) {
+    X509_NAME_ENTRY* entry = X509_NAME_get_entry(subject, loc);
+    X509_NAME_get_text_ex(entry->value, info.commonName.data(), 256, 0);
+  }
+
+  ASN1_TIME* notBefore = X509_get_notBefore(cert);
+  ASN1_TIME* notAfter = X509_get_notAfter(cert);
+
+  info.issueDate = ASN1_GetTimeT(notBefore);
+  info.expirationDate = ASN1_GetTimeT(notAfter);
+
+  return info;
+}
+
 }  // namespace
 
 Listener::Listener(Protocol protocol, ServiceInterface* si, Role role)
@@ -221,9 +248,11 @@ bool Listener::ReconfigureTLS() {
     if (!ctx) {
       return false;
     }
+    cert_info_ = GetCertInfoFromCtx(ctx);
     ctx_ = ctx;
   } else {
     ctx_ = nullptr;
+    cert_info_ = TLSCertificateInfo{};
   }
 
   if (prev_ctx) {

src/facade/dragonfly_listener.h

@@ -26,6 +26,12 @@ namespace facade {
 class ServiceInterface;
 class Connection;
 
+struct TLSCertificateInfo {
+  string commonName;
+  int64_t expirationDate;
+  int64_t issueDate;
+};
+
 class Listener : public util::ListenerInterface {
  public:
   // The Role PRIVILEGED is for admin port/listener
@@ -55,6 +61,13 @@ class Listener : public util::ListenerInterface {
     return protocol_;
   }
 
+  const TLSCertificateInfo& GetCertInfo() const {
+    return cert_info_;
+  }
+  bool HasTLS() const {
+    return ctx_ != nullptr;
+  }
+
  private:
   util::Connection* NewConnection(ProactorBase* proactor) final;
   ProactorBase* PickConnectionProactor(util::FiberSocketBase* sock) final;
@@ -79,6 +92,7 @@ class Listener : public util::ListenerInterface {
 
   Protocol protocol_;
   SSL_CTX* ctx_ = nullptr;
+  TLSCertificateInfo cert_info_;
 };
 
 // Dispatch tracker allows tracking the dispatch state of connections and blocking until all

src/server/server_family.cc

@@ -2978,6 +2978,16 @@ string ServerFamily::FormatInfoMetrics(const Metrics& m, std::string_view sectio
     append("executable", base::kProgramName);
     absl::CommandLineFlag* flagfile_flag = absl::FindCommandLineFlag("flagfile");
     append("config_file", flagfile_flag->CurrentValue());
+
+    for (const facade::Listener* listener : listeners_) {
+      if (listener->HasTLS()) {
+        const auto& cert = listener->GetCertInfo();
+        append("tls_cert_common_name", cert.commonName);
+        append("tls_cert_issue_date", std::to_string(cert.issueDate));
+        append("tls_cert_expiration_date", std::to_string(cert.expirationDate));
+        break;
+      }
+    }
   };
 
   auto add_clients_info = [&] {