are loaded.
If a directory name is used instead of a PEM file, then all files found in
- that directory will be loaded in alphabetic order unless their name ends with
- '.issuer', '.ocsp' or '.sctl' (reserved extensions). This directive may be
- specified multiple times in order to load certificates from multiple files or
- directories. The certificates will be presented to clients who provide a
- valid TLS Server Name Indication field matching one of their CN or alt
- subjects. Wildcards are supported, where a wildcard character '*' is used
- instead of the first hostname component (e.g. *.example.org matches
+ that directory will be loaded in alphabetic order unless their name ends
+ with '.key', '.issuer', '.ocsp' or '.sctl' (reserved extensions). This
+ directive may be specified multiple times in order to load certificates from
+ multiple files or directories. The certificates will be presented to clients
+ who provide a valid TLS Server Name Indication field matching one of their
+ CN or alt subjects. Wildcards are supported, where a wildcard character '*'
+ is used instead of the first hostname component (e.g. *.example.org matches
www.example.org but not www.sub.example.org).
If no SNI is provided by the client or if the SSL library does not support
struct dirent *de = de_list[i];
end = strrchr(de->d_name, '.');
- if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
+ if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl") || !strcmp(end, ".key")))
goto ignore_entry;
snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
projects / thirdparty / haproxy.git / commitdiff
