DOC: management: add details on "Used" status

Add details on the "Used" status of the "show crl/ca-file/cert" CLI command. Could be backported in every branch till 2.5. Should fix issue #1979.
2025-08-06 07:07:04 +02:00 · 2023-01-10 14:44:27 +01:00 · 2023-01-10 14:44:27 +01:00 · 0c39526dab
commit 0c39526dab
parent da89e9b95b
1 changed files with 10 additions and 4 deletions
--- a/doc/management.txt
+++ b/doc/management.txt
@ -3273,8 +3273,10 @@ show stat [domain <dns|proxy>] [{<iid>|<proxy>} <type> <sid>] [typed|json] \
    python -m json.tool

 show ssl ca-file [<cafile>[:<index>]]
-  Display the list of CA files used by HAProxy and their respective certificate
-  counts. If a filename is prefixed by an asterisk, it is a transaction which
+  Display the list of CA files loaded into the process and their respective
+  certificate counts. The certificates are not used by any frontend or backend
+  until their status is "Used".
+  If a filename is prefixed by an asterisk, it is a transaction which
  is not committed yet. If a <cafile> is specified without <index>, it will show
  the status of the CA file ("Used"/"Unused") followed by details about all the
  certificates contained in the CA file. The details displayed for every
@ -3317,7 +3319,8 @@ show ssl ca-file [<cafile>[:<index>]]
    [...]

 show ssl cert [<filename>]
-  Display the list of certificates used on frontends and backends.
+  Display the list of certificates loaded into the process. They are not used
+  by any frontend or backend until their status is "Used".
  If a filename is prefixed by an asterisk, it is a transaction which is not
  committed yet. If a filename is specified, it will show details about the
  certificate. This command can be useful to check if a certificate was well
@ -3339,6 +3342,7 @@ show ssl cert [<filename>]

    $ echo "@1 show ssl cert test.local.pem" | socat /var/run/haproxy.master -
    Filename: test.local.pem
+    Status: Used
    Serial: 03ECC19BA54B25E85ABA46EE561B9A10D26F
    notBefore: Sep 13 21:20:24 2019 GMT
    notAfter: Dec 12 21:20:24 2019 GMT
@ -3350,10 +3354,12 @@ show ssl cert [<filename>]

    $ echo "@1 show ssl cert *test.local.pem" | socat /var/run/haproxy.master -
    Filename: *test.local.pem
+    Status: Unused
    [...]

 show ssl crl-file [<crlfile>[:<index>]]
-  Display the list of CRL files used by HAProxy.
+  Display the list of CRL files loaded into the process. They are not used
+  by any frontend or backend until their status is "Used".
  If a filename is prefixed by an asterisk, it is a transaction which is not
  committed yet. If a <crlfile> is specified without <index>, it will show the
  status of the CRL file ("Used"/"Unused") followed by details about all the