Manu,

On 21.01.20 at 12:42, Emmanuel Hocdet wrote:
> Patches updated, depend on "[PATCH] BUG/MINOR: ssl:
> ssl_sock_load_pem_into_ckch is not consistent"

Out of curiosity: > +issuer-path <dir> > + Assigns a directory to load certificate chain for issuer completion. All > + files must be in PEM format. For certificates loaded with "crt" or > "crt-list", > + if certificate chain is not included in PEM (also commonly known as > intermediate > + certificate), haproxy will complete chain if issuer match the first > certificate > + of the chain loaded with "issuer-path". "issuer-path" directive can be set > + several times. Will HAProxy complete the chain if multiple intermediate certificates are required? Consider this: Root CA -> Intermediate CA -> Intermediate CB -> End Certificate I configure `issuer-path` to a directory that contains the following certificates: - Root CA - Intermediate CA - Intermediate CB Then I configure a `crt` pointing to a file containing only the End Certificate. What will HAProxy send to the client? Best regards Tim Düsterhus
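
Review bot: the sentence "haproxy will complete chain if issuer match the first certificate of the chain loaded with "issuer-path"" in the issuer-path description does not say whether the lookup happens once or is repeated for each certificate that gets appended, so the text leaves open what is sent when more than one intermediate sits between the "crt" certificate and the root, and whether a root certificate placed in the directory ends up in the served chain. Suggest spelling out that the match is made against the first certificate of each file in the directory, whether the remaining certificates of that file are sent along with it, and whether matching is one-step or repeated. Two smaller points in the same paragraph: the parenthetical "(also commonly known as intermediate certificate)" follows "PEM" but describes "certificate chain" and should move next to it, and "if issuer match" should read "if the issuer matches".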

