designates a PEM file from which to load CA certificates used to verify
client's certificate. It is possible to load a directory containing multiple
CAs, in this case HAProxy will try to load every ".pem", ".crt", ".cer", and
- .crl" available in the directory.
+ .crl" available in the directory, files starting with a dot are ignored.
ca-ignore-err [all|<errorID>,...]
This setting is only available when support for OpenSSL was built in.
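Review bot: the added line joins two independent statements with a comma (".crl" available in the directory, files starting with a dot are ignored.); make the second one its own sentence, "Files starting with a dot are ignored.", which is also how the source comment in this patch words it. It would help to add that the rule applies whatever the extension is, so an operator whose dot-prefixed ".pem" file in the CA directory is skipped for client verification can find the reason in this paragraph.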
designates a PEM file from which to load CA certificates used to verify
server's certificate. It is possible to load a directory containing multiple
CAs, in this case HAProxy will try to load every ".pem", ".crt", ".cer", and
- .crl" available in the directory.
+ .crl" available in the directory, files starting with a dot are ignored.
In order to use the trusted CAs of your system, the "@system-ca" parameter
could be used in place of the cafile. The location of this directory could be
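Review bot: the paragraph continues straight into "@system-ca", and the added line does not say whether the dot-file rule also applies to the system CA directory selected that way; state it one way or the other here. The comma splice noted on the client-side text is repeated in this line and wants the same split into a separate sentence.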
* been loaded in an hashed directory loaded by
* X509_LOOKUP_hash_dir, so according to "man 1
* c_rehash", we should load ".pem", ".crt",
- * ".cer", or ".crl"
+ * ".cer", or ".crl". Files starting with a dot
+ * are ignored.
*/
end = strrchr(de->d_name, '.');
- if (!end || (strcmp(end, ".pem") != 0 &&
- strcmp(end, ".crt") != 0 &&
- strcmp(end, ".cer") != 0 &&
- strcmp(end, ".crl") != 0)) {
+ if (!end || de->d_name[0] == '.' ||
+ (strcmp(end, ".pem") != 0 &&
+ strcmp(end, ".crt") != 0 &&
+ strcmp(end, ".cer") != 0 &&
+ strcmp(end, ".crl") != 0)) {
free(de);
continue;
}
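Review bot: in "if (!end || de->d_name[0] == '.' ||" the dot-file test is folded into the extension test and runs after strrchr(), so a name such as ".pem" or ".ca.crt", which the old condition accepted, now takes the same silent free(de); continue; path as any file with the wrong extension. Testing de->d_name[0] == '.' on its own before the strrchr() call would keep the two rules separate and readable. The comment justifies the extension list with "man 1 c_rehash" but gives no reason for the new sentence; say there why dot files are skipped, since this changes which CA and CRL files end up in the trust store.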