On Fri, Jun 1, 2018 at 11:13 AM, Aurélien Nephtali <[email protected]> wrote: > > We also need to agree on the payload format to use in the add command: > only the PEM certificate is supported at the moment but when there > will be OCSP + SCTL support it will become messy very quick. > In my tests I am using something like "cert=[...] ocsp=[...] > issuer=[...] sctl=[...]" but it is not pretty. > I thought of using an INI file format but it is not very handy if you > have to craft a file just for one operation.
Another idea would be to add a binary protocol to the CLI and distribute a tool that would implement this protocol. The add command would be the first to leverage this protocol to easily upload certificates and all other stuff that may come with it. The CLI parser would switch in binary parsing when receiving a special command (or a special binary pattern). Having two incompatible ways to speak to the software can be confusing but as socat is required to speak to haproxy, using another tool may not be that crazy. -- Aurélien Nephtali
