From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 10 Jan 2023 13:44:27 +0000 (+0100)
Subject: DOC: management: add details on "Used" status
X-Git-Tag: v2.8-dev2~69
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0c39526dab7c476452cbf614f5d57d5172eeb1fb;p=thirdparty%2Fhaproxy.git

DOC: management: add details on "Used" status

Add details on the "Used" status of the "show crl/ca-file/cert" CLI
command.

Could be backported in every branch till 2.5.

Should fix issue #1979.
---

diff --git a/doc/management.txt b/doc/management.txt
index ae3ab9a230..cef3b38a20 100644
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -3273,8 +3273,10 @@ show stat [domain <dns|proxy>] [{<iid>|<proxy>} <type> <sid>] [typed|json] \
     python -m json.tool
 
 show ssl ca-file [<cafile>[:<index>]]
-  Display the list of CA files used by HAProxy and their respective certificate
-  counts. If a filename is prefixed by an asterisk, it is a transaction which
+  Display the list of CA files loaded into the process and their respective
+  certificate counts. The certificates are not used by any frontend or backend
+  until their status is "Used".
+  If a filename is prefixed by an asterisk, it is a transaction which
   is not committed yet. If a <cafile> is specified without <index>, it will show
   the status of the CA file ("Used"/"Unused") followed by details about all the
   certificates contained in the CA file. The details displayed for every
@@ -3317,7 +3319,8 @@ show ssl ca-file [<cafile>[:<index>]]
     [...]
 
 show ssl cert [<filename>]
-  Display the list of certificates used on frontends and backends.
+  Display the list of certificates loaded into the process. They are not used
+  by any frontend or backend until their status is "Used".
   If a filename is prefixed by an asterisk, it is a transaction which is not
   committed yet. If a filename is specified, it will show details about the
   certificate. This command can be useful to check if a certificate was well
@@ -3339,6 +3342,7 @@ show ssl cert [<filename>]
 
     $ echo "@1 show ssl cert test.local.pem" | socat /var/run/haproxy.master -
     Filename: test.local.pem
+    Status: Used
     Serial: 03ECC19BA54B25E85ABA46EE561B9A10D26F
     notBefore: Sep 13 21:20:24 2019 GMT
     notAfter: Dec 12 21:20:24 2019 GMT
@@ -3350,10 +3354,12 @@ show ssl cert [<filename>]
 
     $ echo "@1 show ssl cert *test.local.pem" | socat /var/run/haproxy.master -
     Filename: *test.local.pem
+    Status: Unused
     [...]
 
 show ssl crl-file [<crlfile>[:<index>]]
-  Display the list of CRL files used by HAProxy.
+  Display the list of CRL files loaded into the process. They are not used
+  by any frontend or backend until their status is "Used".
   If a filename is prefixed by an asterisk, it is a transaction which is not
   committed yet. If a <crlfile> is specified without <index>, it will show the
   status of the CRL file ("Used"/"Unused") followed by details about all the