On Mon, Sep 07, 2020 at 12:15:11PM +0200, Jerome Magnin wrote: > Hi, > > this is a small doc patch for ssl-load-extra-files. > I will create a feature request to support separating the key from the > certificate when used on server lines, as discussed privately with > William. > > -- > Jérôme
> From 01cfd0dcd2f7efbb90a25bd2f72053bdbd5f559c Mon Sep 17 00:00:00 2001 > From: Jerome Magnin <[email protected]> > Date: Mon, 7 Sep 2020 11:55:57 +0200 > Subject: [PATCH] DOC: ssl-load-extra-files only applies to certificates on > bind lines. > > Be explicit about ssl-load-extra-files not applying to certificates > referenced with the crt keyword on server lines. > --- > doc/configuration.txt | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/doc/configuration.txt b/doc/configuration.txt > index a8242793a..c1f6f8219 100644 > --- a/doc/configuration.txt > +++ b/doc/configuration.txt > @@ -1373,7 +1373,8 @@ ssl-dh-param-file <file> > > ssl-load-extra-files <none|all|bundle|sctl|ocsp|issuer|key>* > This setting alters the way HAProxy will look for unspecified files during > - the loading of the SSL certificates. > + the loading of the SSL certificates associated to "bind" lines. It does not > + apply to certificates used for client authentication on "server" lines. > > By default, HAProxy discovers automatically a lot of files not specified in > the configuration, and you may want to disable this behavior if you want to > -- > 2.28.0 > Thanks, applied. -- William Lallemand
