383fb1472e
The updated CA content coming from the CLI during a ca-file update will directly be in memory and not on disk so the way CAs are loaded in a cafile_entry for now (via X509_STORE_load_locations calls) cannot be used. This patch adds a way to fill a cafile_entry directly from memory and to load the contained certificate and CRL sections into an SSL store. CRL sections are managed as well as certificates in order to mimic the way CA files are processed when specified in an option. Indeed, when parsing a CA file given through a ca-file or ca-verify-file option, we iterate over the different sections in ssl_set_cert_crl_file and load them regardless of their type. This ensures that a file that was properly parsed when given as an option will also be accepted by the CLI.
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)