❦ 2 décembre 2017 10:47 GMT, "Aleksandar Lazic" <al-hapr...@none.at> :
> You can use the following line to full fill your request, untested.
>
> bind :443 ssl ca-file "${PATH_TO_CAFILE}" crl-file
> "${PATH_TO_CRLFILE}" verify "${VERIFY_MODE}"
If verify mode is set to optional, on browsers, this will still trigger
the dialog box to get a certificate from the user. AFAIK, there is no
way to achieve what Apache is doing using HAProxy: there is no code to
change SSL parameters after initial bind.
--
If you tell the truth you don't have to remember anything.
-- Mark Twain
