DOC: configuration: add the ca-file changes

Add the documentation about the directory support and @system-ca for the
"ca-file" directive.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index cb05fef91c344e08d8b3d498c361308054cd9ff5..e184f4e767a60568e92fd899e8e0d31031bc407d 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -13631,7 +13631,9 @@ ecdhe <named curve>
 ca-file <cafile>
   This setting is only available when support for OpenSSL was built in. It
   designates a PEM file from which to load CA certificates used to verify
-  client's certificate.
+  client's certificate. It is possible to load a directory containing multiple
+  CAs, in this case HAProxy will try to load every ".pem", ".crt", ".cer", and
+  .crl" available in the directory.
 
 ca-ignore-err [all|<errorID>,...]
   This setting is only available when support for OpenSSL was built in.
@@ -14418,7 +14420,13 @@ backup
 ca-file <cafile>
   This setting is only available when support for OpenSSL was built in. It
   designates a PEM file from which to load CA certificates used to verify
-  server's certificate.
+  server's certificate. It is possible to load a directory containing multiple
+  CAs, in this case HAProxy will try to load every ".pem", ".crt", ".cer", and
+  .crl" available in the directory.
+
+  In order to use the trusted CAs of your system, the "@system-ca" parameter
+  could be used in place of the cafile. The location of this directory could be
+  overwritten by setting the SSL_CERT_DIR environment variable.
 
 check
   This option enables health checks on a server: