Corrected various spelling and phrasing errors to improve clarity and consistency.
respected. This is recommended on multi-socket and NUMA
systems, as well as CPUs with bad inter-CCX latencies.
On most server machines, clusters and CCX are the same,
- but on heterogenous machines ("performance" vs
+ but on heterogeneous machines ("performance" vs
"efficiency" or "big" vs "little"), a cluster will
generally be made of only a part of a CCX composed only
of very similar CPUs (same type, +/-5% frequency
The result of the last check is cached for 30 seconds.
When a single family is used, no request will be sent to resolvers for the
- other family, and any response for the othe family will be ignored. The
+ other family, and any response for the other family will be ignored. The
default value since 3.3 is "auto", which effectively enables both families
only once IPv6 has been proven to be routable, otherwise sticks to IPv4.
See also: "resolve-prefer", "do-resolve"
RFC9110#section-6.5.1 stated that trailer fields could be merged into the
header fields. It should be done on purpose, but it may be a problem for some
- applications, espcially if malicious clients hide sensitive header fields in
+ applications, especially if malicious clients hide sensitive header fields in
the trailers part and some intermediaries merge them with headers with no
specific checks. In that case, this option can be enabled on the backend to
drop any trailer fields found in requests before sending them to the server.
It may be useful to precise here, which load balancing algorithms are
considered deterministic. Deterministic algorithms will always select the same
server for a given client data, assuming the set of available servers has not
- changed. In general, deterministic algorithms involve hasing or lookups on the
+ changed. In general, deterministic algorithms involve hashing or lookups on the
incoming requests to choose the target server. However, this is not always the
case; "static-rr", for example, can be also considered as deterministic because
the server choice is based on the server's static weight, making the selection
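Review bot: the first context line of this paragraph still reads "It may be useful to precise here, which load balancing algorithms are", where "precise" is used as a verb. Since the commit is about phrasing as well as spelling, consider "It may be useful to specify here which load balancing algorithms are" in the same pass, and "can also be considered" instead of "can be also considered" two lines below the fix.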
Usable in: QUIC Ini| TCP RqCon| RqSes| RqCnt| RsCnt| HTTP Req| Res| Aft
- | - | - | - | - | X | X | -
- This suspends the message analysis for the sepcified number of milliseconds.
+ This suspends the message analysis for the specified number of milliseconds.
The timeout can be specified in milliseconds or with any other unit if the
number is suffixed by the unit as explained at the top of this document. It
is also possible to write an expression which must return a number
Server Name Indication field matching one of the SNI filters, or the CN and
SAN of a <crtfile>. The matching algorithm first looks for a positive domain
entry in the list, if not found it will try to look for a wildcard in the
- list. If a wilcard match, haproxy checks for a negative filter from the
+ list. If a wildcard match, haproxy checks for a negative filter from the
same line and unmatch if necessary. In case of multiple key algorithms
(RSA,ECDSA,DSA), HAProxy will try to match one certificate per type and
chose the right one depending on what is supported by the client.
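Review bot: the corrected line still reads "If a wildcard match, haproxy checks for a negative filter", which fixes the spelling but leaves the verb agreement wrong. Suggest "If a wildcard matches, HAProxy checks for a negative filter from the same line and unmatches if necessary", which also aligns the casing with "HAProxy will try to match" two lines later. The last line of the paragraph has "chose the right one" where "choose" is meant. This paragraph defines certificate selection order, so it is worth getting the wording unambiguous.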
certificate, either from crt or crt-list option.
It is also possible to declare a '*' filter, which will add this
certificate to the list of default certificates. To clarify the
- configuration, the default certificates could be explicited (with a '*'
+ configuration, the default certificates could be explicit (with a '*'
filter) at the beginning of the list, so an implicit default is not added
before.
Due to multi-cert bundles being duplicated for each algorithm in the
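Review bot: replacing "could be explicited" with "could be explicit" on the changed line alters the sense slightly. The original meant that the user declares the default certificates explicitly, while "could be explicit" reads as a property of the certificates. Suggest "the default certificates could be declared explicitly (with a '*' filter) at the beginning of the list".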
This setting is only available when support for OpenSSL was built in. It
enables the stateless session resumption (RFC 5077 TLS Ticket extension). It
is the default, but it may be needed to selectively re-enable the feature on
- a "bind" line if it had been globaly disabled via "no-tls-tickets" mentioned
+ a "bind" line if it had been globally disabled via "no-tls-tickets" mentioned
in "ssl-default-bind-options". See also the "no-tls-tickets" bind keyword.
tls-ticket-keys <keyfile>
This setting is only available when support for OpenSSL was built in. It
disables the renegotiation mechanisms, be it the legacy unsafe one or the
- more recent "secure renegotation" one (RFC 5746 TLS Renegotiation Indication
+ more recent "secure renegotiation" one (RFC 5746 TLS Renegotiation Indication
Extension) for the given SSL backend. This option is also available on global
statement "ssl-default-server-options".
- Renegotiation is not posible anymore in TLS 1.3.
+ Renegotiation is not possible anymore in TLS 1.3.
If neither "renegotiate" nor "no-renegotiate" is specified, the SSL library's
default behavior is kept.
Note that for instance OpenSSL library enables secure renegotiation by
backends to renegotiate when servers request it. It still requires that the
underlying SSL library actually supports renegotiation.
This option is also available on global statement "ssl-default-server-options".
- Renegotiation is not posible anymore in TLS 1.3.
+ Renegotiation is not possible anymore in TLS 1.3.
If neither "renegotiate" nor "no-renegotiate" is specified, the SSL library's
default behavior is kept.
Note that for instance OpenSSL library enables secure renegotiation by
The sections described below are less commonly used and usually support only a
few parameters. There is no implicit relation between any of them. They're all
started using a single keyword. None of them is permitted before a "global"
-section. The support for some of them might be conditionned by build options
+section. The support for some of them might be conditioned by build options
(e.g. anything SSL-related).
12.1. Traces
Give back the hand at the HAProxy scheduler. Unlike :js:func:`core.yield`
the task will not be woken up automatically to resume as fast as possible.
Instead, it will wait for an event to wake the task. If milliseconds argument
- is provided then the Lua excecution will be automatically resumed passed this
+ is provided then the Lua execution will be automatically resumed passed this
delay even if no event caused the task to wake itself up.
:param integer milliseconds: automatic wakeup passed this delay. (optional)
**context**: task, action
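Review bot: the changed line fixes "excecution" but keeps "resumed passed this delay", where the preposition "past" (or "after") is meant. The same slip is in the :param: line of this hunk, "automatic wakeup passed this delay". Suggest "automatically resumed after this delay" and "automatic wakeup after this delay".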
Give back the hand at the HAProxy scheduler. It is used when the LUA
- processing consumes a lot of processing time. Lua excecution will be resumed
+ processing consumes a lot of processing time. Lua execution will be resumed
automatically (automatic reschedule).
.. js:function:: core.parse_addr(address)
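Review bot: the sentence touched here now mixes "the LUA processing" on the context line with "Lua execution" on the corrected line. The language name is written "Lua" elsewhere in this patch, so the context line could be aligned in the same commit.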
Without any option, this will cycle through prompt mode then non-interactive
mode. In non-interactive mode, the connection is closed after the last
- command of the current line compltes. In interactive mode, the connection is
+ command of the current line completes. In interactive mode, the connection is
not closed after a command completes, so that a new one can be entered. In
prompt mode, the interactive mode is still in use, and a prompt will appear
at the beginning of the line, indicating to the user that the interpreter is
unsigned int update; /* uses updt_lock */
unsigned int localupdate; /* uses updt_lock */
unsigned int commitupdate;/* used to identify the latest local updates pending for sync, uses updt_lock */
- struct tasklet *updt_task;/* tasklet responsable for pushing the pending updates into the tree */
+ struct tasklet *updt_task;/* tasklet responsible for pushing the pending updates into the tree */
THREAD_ALIGN(64);
/* this lock is heavily used and must be on its own cache line */
# Variables
# This first case only works because the certificate
- # is already explicitely used in a previous jwt_verify call.
+ # is already explicitly used in a previous jwt_verify call.
http-response set-var(txn.cert) str("${testdir}/cert.rsa.pem")
http-response set-header x-jwt-verify-RS256-var1 %[var(txn.bearer),jwt_verify(txn.jwt_alg,txn.cert)] if { var(txn.jwt_alg) -m str "RS256" }
http-response set-var(txn.cert) str("@named_store${testdir}/cert.rsa.pem")
/* first check if the ID was already used */
if (cur_acme->linenum > 0) {
- /* an unitialized section is created when parsing the "acme" keyword in a crt-store, with a
+ /* an uninitialized section is created when parsing the "acme" keyword in a crt-store, with a
* linenum <= 0, however, when the linenum > 0, it means we already created a section with this
* name */
err_code |= ERR_ALERT | ERR_FATAL;
i++;
}
/* Pass the payload to the last command. It happens when the end of the
- * commend is just before the payload pattern.
+ * command is just before the payload pattern.
*/
if (appctx->cli_ctx.payload && appctx->cli_ctx.payload == end + strlen(appctx->cli_ctx.payload_pat) + 3) {
appctx->st1 |= APPCTX_CLI_ST1_LASTCMD;
appctx->cli_ctx.payload_pat[sizeof(appctx->cli_ctx.payload_pat)-1] = '\0';
/* The last command finishes before the payload pattern.
- * Dont' strip trailing spaces to be sure to detect when
+ * Don't strip trailing spaces to be sure to detect when
* the payload should be used.
*/
*last_arg = '\0';
str[len] = '\0';
/* look for a pattern at the end of the payload
- * (take care to exclue last character because it is a \n)
+ * (take care to exclude the last character because it is a \n)
*/
if (len-1 == strlen(appctx->cli_ctx.payload_pat)) {
if (strncmp(str, appctx->cli_ctx.payload_pat, len-1) == 0) {
/* request errors are most likely due to the server aborting the
* transfer. But handle server aborts only if the response was
* not received yet. Otherwise, let the response analyzer the
- * responsability to handle the error. It is especially
+ * responsibility to handle the error. It is especially
* important to properly handle L7-retries but also K/A silent close.
*/
if (txn->rsp.msg_state >= HTTP_MSG_BODY && htx_is_empty(htxbuf(&s->res.buf)))
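Review bot: with the spelling fixed, the comment sentence "Otherwise, let the response analyzer the responsibility to handle the error" still has no verb after "analyzer". Suggest "Otherwise, leave the responsibility of handling the error to the response analyzer". The identical sentence in the next hunk's comment would take the same rewording.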
/* waiting for the last bits to leave the buffer */
if (s->scb->flags & SC_FL_SHUT_DONE) {
/* Handle server aborts only if the response was not received
- * yet. Otherwise, let the response analyzer the responsability
+ * yet. Otherwise, let the response analyzer the responsibility
* to handle the error. It is especially important to properly
* handle L7-retries but also K/A silent close.
*/
}
/* Update the ckch_store and public key reference of a jwt_entry. This is only
- * useful whne updating a certificate from the CLI if it was being used for JWT
+ * useful when updating a certificate from the CLI if it was being used for JWT
* validation.
*/
void jwt_replace_ckch_store(struct ckch_store *old_ckchs, struct ckch_store *new_ckchs)
TRACE_ENTER(QMUX_EV_QCS_NEW, conn);
/* Flow control limit on bidi streams should already have
- * been checked by a prior qmux_avail_streams() invokation.
+ * been checked by a prior qmux_avail_streams() invocation.
*/
BUG_ON(!qcc_fctl_avail_streams(qcc, 1));
/* prepares a new proxy <name> of type <cap> from the provided <px>
* pointer.
* <px> is assumed to be freshly allocated
- * <name> may be NULL: proxy id assigment will be skipped.
+ * <name> may be NULL: proxy id assignment will be skipped.
*
* Returns a 1 on success or 0 on failure (in which case errmsg must be checked
* then freed).
* Endpoints addresses are specified via <local_addr> and <peer_addr>.
* Returns the connection if succeeded, NULL if not.
* For QUIC clients, <dcid>, <scid>, <token_odcid>, <conn_id> must be null,
- * and <token> value must be 0. This is the responsability of the caller to ensure
+ * and <token> value must be 0. This is the responsibility of the caller to ensure
* this is the case.
*/
struct quic_conn *qc_new_conn(const struct quic_version *qv, int ipv4,
HA_ATOMIC_DEC(&__objt_listener(qc->target)->rx.quic_curr_accept);
}
- /* Substract last congestion window from global memory counter. */
+ /* Subtract last congestion window from global memory counter. */
if (qc->path) {
cshared_add(&quic_mem_diff, -qc->path->cwnd);
qc->path->cwnd = 0;
return ret;
}
-/* Simple helper to set the specifig OpenSSL/quictls QUIC API callbacks */
+/* Simple helper to set the specific OpenSSL/quictls QUIC API callbacks */
static int quic_ssl_set_tls_cbs(SSL *ssl)
{
#ifdef HAVE_OPENSSL_QUIC
* conditions are verified (see qc_do_build_pkt()).
*
* For clients:
- * <padding> must be set to 1 only the current packet cannot be coalesed,
+ * <padding> must be set to 1 only the current packet cannot be coalesced,
* i.e. if the next qel is not present or empty.
*/
cur_pkt = qc_build_pkt(&pos, end, qel, tls_ctx, frms,
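Review bot: the corrected line "<padding> must be set to 1 only the current packet cannot be coalesced" is still missing a conjunction, so the condition the caller must respect is not stated clearly. Suggest "<padding> must be set to 1 only if the current packet cannot be coalesced, i.e. if the next qel is not present or empty."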
}
}
-/* allocate a server, attachs it to the global servers_list
+/* Allocates a server, attaches it to the global servers_list
* and adds it to <proxy> server list. Before deleting the server with
* srv_drop(), srv_detach() must be called to remove it from the parent
* proxy list
dst->conf.ocsp_update_mode = src->conf.ocsp_update_mode;
/* copy ckch_conf
- * XXX: could be automated for each fiedl with the
+ * XXX: could be automated for each field with the
* ckch_conf array used for parsing */
if (src->conf.crt)