sinjuginas/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DOC: management: add details about @system-ca in "show ssl ca-file"

Browse Source 
Explain why @system-ca is seen in "show ssl ca-file".

Should fix issue #1979.

Can be backported till 2.6.

(cherry picked from commit f29c4155a81dd58dcdc95f2212d665a5096a205a)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit f51c1076f811f3968d2b05a4751d5dafd4d6d61b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
This commit is contained in:
William Lallemand 2023-01-10 15:07:12 +01:00 committed by Christopher Faulet
parent 54727f77aa
commit 83d0d0f425
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/management.txt
View File

@ -3191,6 +3191,9 @@ show ssl ca-file [<cafile>[:<index>]]
Display the list of CA files loaded into the process and their respective
certificate counts. The certificates are not used by any frontend or backend
until their status is "Used".
A "@system-ca" entry can appear in the list, it is loaded by the httpclient
by default. It contains the list of trusted CA of your system returned by
OpenSSL.
If a filename is prefixed by an asterisk, it is a transaction which
is not committed yet. If a <cafile> is specified without <index>, it will show
the status of the CA file ("Used"/"Unused") followed by details about all the