Hello, On Sat, Jun 03, 2023 at 04:28:30PM -0600, Shawn Heisey wrote: > On 6/3/23 15:37, Shawn Heisey wrote: > > On 6/3/23 15:28, Shawn Heisey wrote: > >> So maybe a completely separate global option makes sense. The > >> crt-list requirement is not really a burden for me, but for someone > >> who uses a LOT of certificates that change frequently, it probably > >> would become a burden. > > > > Unless it is possible to have a directory as an entry in the crt-list > > file like it is for the crt option. The crt-list doc does not say that > > this is possible, and I have not tested it. > > Using a directory as an entry in the crt-list file causes `haproxy -c > -f` to hang. Which I think means that crt-list doesn't support directories. >
Hm that's weird, that shouldn't load at all! I'll take a look. > How hard would it be to add that support? I would hope that most of the > code needed is already present in the part that parses crt options. > We won't support this, directories are represented internally as a crt-list, this would add a huge complexity in the code. crt-list were made as an cleaner alternative to directories so you could specify each file you need manually and set options to them. As I explained in my previous mail, the option was not set on the bind lines because of architectural problems, but you could expect to have a way to do it globally in future versions. -- William Lallemand
