From: Emeric Brun <ebrun@exceliance.fr>
Date: Fri, 28 Sep 2012 16:14:24 +0000 (+0200)
Subject: DOC: ssl: add fetch and ACL 'ssl_verify_result'
X-Git-Tag: v1.5-dev13~243
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c68af8db6f5a2f3d616404c70af7fc34c31de1e3;p=thirdparty%2Fhaproxy.git

DOC: ssl: add fetch and ACL 'ssl_verify_result'
---

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 9cc77d0d87..4675bd38a1 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -8190,6 +8190,10 @@ ssl_sni_req <regex>
   haproxy and not to SSL contents being blindly forwarded. This requires that
   the SSL library is build with support for TLS extensions (check haproxy -vv).
 
+ssl_verify_result <errorID>
+  Returns true when the incoming connection was made over an SSL/TLS data layer
+  and the verify result match the errorID.
+
 wait_end
   Waits for the end of the analysis period to return true. This may be used in
   conjunction with content analysis to avoid returning a wrong verdict early.
@@ -8804,6 +8808,10 @@ The list of currently supported pattern fetch functions is the following :
                host name (253 chars or less). The SSL library must have been
                built with support for TLS extensions (check haproxy -vv).
 
+  ssl_verify_result
+               Returns the verify result errorID when the incoming connection
+               was made over an SSL/TLS data layer.
+
   url          This extracts the request's URL as presented in the request. A
                typical use is with prefetch-capable caches, and with portals
                which need to aggregate multiple information from databases and