From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 10 Jan 2023 14:07:12 +0000 (+0100)
Subject: DOC: management: add details about @system-ca in "show ssl ca-file"
X-Git-Tag: v2.8-dev2~68
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f29c4155a81dd58dcdc95f2212d665a5096a205a;p=thirdparty%2Fhaproxy.git

DOC: management: add details about @system-ca in "show ssl ca-file"

Explain why @system-ca is seen in "show ssl ca-file".

Should fix issue #1979.

Can be backported till 2.6.
---

diff --git a/doc/management.txt b/doc/management.txt
index cef3b38a20..5a15ec06e0 100644
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -3276,6 +3276,9 @@ show ssl ca-file [<cafile>[:<index>]]
   Display the list of CA files loaded into the process and their respective
   certificate counts. The certificates are not used by any frontend or backend
   until their status is "Used".
+  A "@system-ca" entry can appear in the list, it is loaded by the httpclient
+  by default. It contains the list of trusted CA of your system returned by
+  OpenSSL.
   If a filename is prefixed by an asterisk, it is a transaction which
   is not committed yet. If a <cafile> is specified without <index>, it will show
   the status of the CA file ("Used"/"Unused") followed by details about all the