git.ipfire.org Git - thirdparty/haproxy.git/commit

author	William Dauchy <w.dauchy@criteo.com>
	Sat, 26 Sep 2020 11:35:52 +0000 (13:35 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Sun, 27 Sep 2020 19:54:10 +0000 (21:54 +0200)
commit	25407965fdf607f98dd7d134aad0d3d79e16cde0
tree	ddb8f0b906dad2167a8e4c9e05f1128087b18e8e	tree \| snapshot
parent	f8e795ca04a2e89b801c40843b1b79fd97251606	commit \| diff

DOC: crt: advise to move away from cert bundle

especially when starting to use `new ssl cert` runtime API, it might
become a bit confusing for users to mix bundle and single cert,
especially when it comes to use the commit command:
e.g.:
- start the process with `crt` loading a bundle
- use `set ssl cert my_cert.pem.ecdsa`: API detects it as a replacement
  of a bundle.
- `commit` has to be done on the bundle: `commit ssl cert my_cert.pem`

however:
- add a new cert: `new ssl cert my_cert.pem.rsa`: added as a single
  certificate
- `commit` has to be done on the certificate: `commit ssl cert
  my_cert.pem.rsa`

this should resolve github issue #872

this should probably be backported in >= v2.2 in order to encourage
people to move away from bundle certificates loading.

Signed-off-by: William Dauchy <w.dauchy@criteo.com>

doc/configuration.txt		diff \| blob \| blame \| history
doc/management.txt		diff \| blob \| blame \| history