DOC: management: certificate files must be sanitized before injection

A lot of people encounter problems when trying to inject a certificate
file which contains extra informations or empty lines.

This patch adds a paragraph and a sanitizing example.

Must be backported as far as 2.1.

diff --git a/doc/management.txt b/doc/management.txt
index c7a8e4884ca12e5b4eb20464ad0a9de4b2a9437d..a7130716985fc9248ccf07b0345b3f47f7608182 100644 (file)
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -2189,7 +2189,19 @@ set ssl cert <filename> <payload>
   Once the modification are done, you have to "commit ssl cert" the
   transaction.
 
+  Injection of files over the CLI must be done with caution since an empty line
+  is used to notify the end of the payload. It is recommended to inject a PEM
+  file which has been sanitized. A simple method would be to remove every empty
+  line and only leave what are in the PEM sections. It could be achieved with a
+  sed command.
+
   Example:
+
+   # With some simple sanitizing
+    echo -e "set ssl cert localhost.pem <<\n$(sed -n '/^$/d;/-BEGIN/,/-END/p' 127.0.0.1.pem)\n" | \
+    socat /var/run/haproxy.stat -
+
+    # Complete example with commit
     echo -e "set ssl cert localhost.pem <<\n$(cat 127.0.0.1.pem)\n" | \
     socat /var/run/haproxy.stat -
     echo -e \