list_connections can now print a peer's ssl certificate

4 files changed, 25 insertions, 4 deletions

diff --git a/src/rabbit_control.erl b/src/rabbit_control.erl
index 6e6ad06cb3..67cea37b57 100644
--- a/src/rabbit_control.erl
+++ b/src/rabbit_control.erl
@@ -247,6 +247,8 @@ action(list_bindings, Node, Args, Inform) ->
 action(list_connections, Node, Args, Inform) ->
     Inform("Listing connections", []),
     ArgAtoms = default_if_empty(Args, [user, peer_address, peer_port, state]),
+    io:format("~p~n", [rpc_call(Node, rabbit_networking, connection_info_all,
+                               [ArgAtoms])]),
     display_info_list(rpc_call(Node, rabbit_networking, connection_info_all,
                                [ArgAtoms]),
                       ArgAtoms);
diff --git a/src/rabbit_net.erl b/src/rabbit_net.erl
index 6baa4b8864..b92d83efd3 100644
--- a/src/rabbit_net.erl
+++ b/src/rabbit_net.erl
@@ -33,7 +33,7 @@
 -include("rabbit.hrl").
 
 -export([async_recv/3, close/1, controlling_process/2,
-        getstat/2, peername/1, port_command/2,
+        getstat/2, peername/1, peercert/1, port_command/2,
         send/2, sockname/1]).
 
 %%---------------------------------------------------------------------------
@@ -60,6 +60,9 @@
         (socket())
         -> rabbit_types:ok({inet:ip_address(), rabbit_networking:ip_port()}) |
            error()).
+-spec(peercert/1 ::
+        (rabbit_types:ssl_socket()) -> rabbit_types:ok(any()) | error()).
+        %% any() should be x509_certificate()
 -spec(sockname/1 ::
         (socket())
         -> rabbit_types:ok({inet:ip_address(), rabbit_networking:ip_port()}) |
@@ -117,6 +120,12 @@ peername(Sock) when is_port(Sock) ->
     inet:peername(Sock).
 
 
+peercert(Sock) when is_record(Sock, ssl_socket) ->
+    public_key:pkix_decode_cert(ssl:peercert(Sock#ssl_socket.ssl), plain);
+peercert(_) ->
+    nossl.
+
+
 port_command(Sock, Data) when is_record(Sock, ssl_socket) ->
     case ssl:send(Sock#ssl_socket.ssl, Data) of
         ok ->
diff --git a/src/rabbit_networking.erl b/src/rabbit_networking.erl
index 3a3357ba9d..3fd5960c6b 100644
--- a/src/rabbit_networking.erl
+++ b/src/rabbit_networking.erl
@@ -235,11 +235,16 @@ connections() ->
 
 connection_info_keys() -> rabbit_reader:info_keys().
 
-connection_info(Pid) -> rabbit_reader:info(Pid).
+connection_info(Pid) ->
+    Info = rabbit_reader:info(Pid),
+    io:format("Got info: ~p~n", [Info]),
+    Info.
 connection_info(Pid, Items) -> rabbit_reader:info(Pid, Items).
 
 connection_info_all() -> cmap(fun (Q) -> connection_info(Q) end).
-connection_info_all(Items) -> cmap(fun (Q) -> connection_info(Q, Items) end).
+connection_info_all(Items) ->
+    io:format("The Items are ~p~n", [Items]),
+    cmap(fun (Q) -> connection_info(Q, Items) end).
 
 close_connection(Pid, Explanation) ->
     case lists:any(fun ({_, ChildPid, _, _}) -> ChildPid =:= Pid end,
diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl
index b5514c822a..1b5946677a 100644
--- a/src/rabbit_reader.erl
+++ b/src/rabbit_reader.erl
@@ -61,7 +61,7 @@
              queue_collector}).
 
 -define(INFO_KEYS,
-        [pid, address, port, peer_address, peer_port,
+        [pid, address, port, peer_address, peer_port, peer_certificate,
          recv_oct, recv_cnt, send_oct, send_cnt, send_pend,
          state, channels, user, vhost, timeout, frame_max, client_properties]).
 
@@ -730,6 +730,11 @@ i(port, #v1{sock = Sock}) ->
 i(peer_address, #v1{sock = Sock}) ->
     {ok, {A, _}} = rabbit_net:peername(Sock),
     A;
+i(peer_certificate, #v1{sock = Sock}) ->
+    case rabbit_net:peercert(Sock) of
+        {ok, Cert} -> Cert;
+        nossl      -> nossl
+    end;
 i(peer_port, #v1{sock = Sock}) ->
     {ok, {_, P}} = rabbit_net:peername(Sock),
     P;