Hi, this is a small doc patch for ssl-load-extra-files. I will create a feature request to support separating the key from the certificate when used on server lines, as discussed privately with William.
-- Jérôme
>From 01cfd0dcd2f7efbb90a25bd2f72053bdbd5f559c Mon Sep 17 00:00:00 2001 From: Jerome Magnin <[email protected]> Date: Mon, 7 Sep 2020 11:55:57 +0200 Subject: [PATCH] DOC: ssl-load-extra-files only applies to certificates on bind lines. Be explicit about ssl-load-extra-files not applying to certificates referenced with the crt keyword on server lines. --- doc/configuration.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index a8242793a..c1f6f8219 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -1373,7 +1373,8 @@ ssl-dh-param-file <file> ssl-load-extra-files <none|all|bundle|sctl|ocsp|issuer|key>* This setting alters the way HAProxy will look for unspecified files during - the loading of the SSL certificates. + the loading of the SSL certificates associated to "bind" lines. It does not + apply to certificates used for client authentication on "server" lines. By default, HAProxy discovers automatically a lot of files not specified in the configuration, and you may want to disable this behavior if you want to -- 2.28.0
