From: William Lallemand <wlallemand@haproxy.org>
Date: Thu, 16 Sep 2021 15:30:51 +0000 (+0200)
Subject: DOC: management: certificate files must be sanitized before injection
X-Git-Tag: v2.5-dev8~184
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed8bfadd8d17fc59b8a1f57bb2476cd7df1ce190;p=thirdparty%2Fhaproxy.git

DOC: management: certificate files must be sanitized before injection

A lot of people encounter problems when trying to inject a certificate
file which contains extra informations or empty lines.

This patch adds a paragraph and a sanitizing example.

Must be backported as far as 2.1.
---

diff --git a/doc/management.txt b/doc/management.txt
index c7a8e4884c..a713071698 100644
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -2189,7 +2189,19 @@ set ssl cert <filename> <payload>
   Once the modification are done, you have to "commit ssl cert" the
   transaction.
 
+  Injection of files over the CLI must be done with caution since an empty line
+  is used to notify the end of the payload. It is recommended to inject a PEM
+  file which has been sanitized. A simple method would be to remove every empty
+  line and only leave what are in the PEM sections. It could be achieved with a
+  sed command.
+
   Example:
+
+   # With some simple sanitizing
+    echo -e "set ssl cert localhost.pem <<\n$(sed -n '/^$/d;/-BEGIN/,/-END/p' 127.0.0.1.pem)\n" | \
+    socat /var/run/haproxy.stat -
+
+    # Complete example with commit
     echo -e "set ssl cert localhost.pem <<\n$(cat 127.0.0.1.pem)\n" | \
     socat /var/run/haproxy.stat -
     echo -e \