Description:
When I'm connected to a server which has SSL enabled it would like to verify:
- The CN in the certificate (e.g. display it, not just --ssl-verify-server-cert)
- The issuer of the certificate
- The certificate of the server
This is similar to what Firefox does for an SSL enabled website:
You are connected to: google.com
Verified by: Google Inc
The connection to this website is secure
If I click 'more details..' I get to see:
The certificate version, the whole certificate chain. Constraints, extensions CRL distribution points, fingerprints, OCSP url's, etc.
The validity of the certificate is already shown: Ssl_server_not_after/Ssl_server_not_after.
How to repeat:
Try to find information about the certificate presented by the server.
Suggested fix:
Expose more details about the certificate presented by the server.
Especially the CN/Subject and issuer.
e.g:
mysql -h foo.example.com:
Connected to foo.example.com (Certificate: *.example.com issued by MeMyselfAndI)
Maybe add it to "status / \s" in the client. Maybe add a dump certificate and/or pipe through certificate viewer option