From: William Lallemand Date: Tue, 30 Apr 2024 20:31:47 +0000 (+0200) Subject: MINOR: ssl: rename tune.ssl.ocsp-update.mode in ocsp-update.mode X-Git-Tag: v3.0-dev12~27 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ee58fac1b4eb0e59787ded921e0a0e1015a3e62c;p=thirdparty%2Fhaproxy.git MINOR: ssl: rename tune.ssl.ocsp-update.mode in ocsp-update.mode Since the ocsp-update is not strictly a tuning of the SSL stack, but a feature of its own, lets rename the option. The option was also missing from the index. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index bc7cd7f0af..621eb6bd1e 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -1291,6 +1291,7 @@ The following keywords are supported in the "global" section : - node - numa-cpu-mapping - ocsp-update.httpproxy + - ocsp-update.mode - pidfile - pp2-never-send-local - presetenv @@ -2170,11 +2171,19 @@ numa-cpu-mapping already specified, for example via the 'cpu-map' directive or the taskset utility. + ocsp-update.httpproxy
[:port] Allow to use an HTTP proxy for the OCSP updates. This only works with HTTP, HTTPS is not supported. This option will allow the OCSP updater to send absolute URI in the request to the proxy. +ocsp-update.mode [ on | off ] + Sets the default ocsp-update mode for all certificates used in the + configuration. This global option can be superseded by the crt-list + "ocsp-update" option. This option is set to "off" by default. + See option "ocsp-update" for more information about the auto update + mechanism. + pidfile Writes PIDs of all daemons into file when daemon mode or writes PID of master process into file when master-worker mode. This option is @@ -4025,15 +4034,6 @@ tune.ssl.ocsp-update.mindelay "tune.ssl.ocsp-update.maxdelay". See option "ocsp-update" for more information about the auto update mechanism. -tune.ssl.ocsp-update.mode [ on | off ] - Sets the default ocsp-update mode for all certificates used in the - configuration. This global option can be superseded by the crt-list - "ocsp-update" option but an error will be raised if a given certificate has - two distinct configurations simultaneously. This option is set to "off" by - default. - See option "ocsp-update" for more information about the auto update - mechanism. - tune.stick-counters Sets the number of stick-counters that may be tracked at the same time by a connection or a request via "track-sc*" actions in "tcp-request" or diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c index fa1a6e7bc6..8214fe6e18 100644 --- a/src/ssl_ocsp.c +++ b/src/ssl_ocsp.c @@ -2024,7 +2024,7 @@ static struct cfg_kw_list cfg_kws = {ILH, { #ifndef OPENSSL_NO_OCSP { CFG_GLOBAL, "tune.ssl.ocsp-update.maxdelay", ssl_parse_global_ocsp_maxdelay }, { CFG_GLOBAL, "tune.ssl.ocsp-update.mindelay", ssl_parse_global_ocsp_mindelay }, - { CFG_GLOBAL, "tune.ssl.ocsp-update.mode", ssl_parse_global_ocsp_update_mode }, + { CFG_GLOBAL, "ocsp-update.mode", ssl_parse_global_ocsp_update_mode }, { CFG_GLOBAL, "ocsp-update.httpproxy", ocsp_update_parse_global_http_proxy }, #endif { 0, NULL, NULL },