CLEANUP: assorted typo fixes in the code, commits and doc

Corrected various spelling and phrasing errors to improve clarity and consistency.

doc/configuration.txt

@@ -2280,7 +2280,7 @@ cpu-policy <policy>
                         respected. This is recommended on multi-socket and NUMA
                         systems, as well as CPUs with bad inter-CCX latencies.
                         On most server machines, clusters and CCX are the same,
-                        but on heterogenous machines ("performance" vs
+                        but on heterogeneous machines ("performance" vs
                         "efficiency" or "big" vs "little"), a cluster will
                         generally be made of only a part of a CCX composed only
                         of very similar CPUs (same type, +/-5% frequency
@@ -2435,7 +2435,7 @@ dns-accept-family <family>[,...]
               The result of the last check is cached for 30 seconds.
 
   When a single family is used, no request will be sent to resolvers for the
-  other family, and any response for the othe family will be ignored. The
+  other family, and any response for the other family will be ignored. The
   default value since 3.3 is "auto", which effectively enables both families
   only once IPv6 has been proven to be routable, otherwise sticks to IPv4.
   See also: "resolve-prefer", "do-resolve"
@@ -9735,7 +9735,7 @@ no option http-drop-request-trailers
 
   RFC9110#section-6.5.1 stated that trailer fields could be merged into the
   header fields. It should be done on purpose, but it may be a problem for some
-  applications, espcially if malicious clients hide sensitive header fields in
+  applications, especially if malicious clients hide sensitive header fields in
   the trailers part and some intermediaries merge them with headers with no
   specific checks. In that case, this option can be enabled on the backend to
   drop any trailer fields found in requests before sending them to the server.
@@ -10655,7 +10655,7 @@ no option prefer-last-server
   It may be useful to precise here, which load balancing algorithms are
   considered deterministic. Deterministic algorithms will always select the same
   server for a given client data, assuming the set of available servers has not
-  changed. In general, deterministic algorithms involve hasing or lookups on the
+  changed. In general, deterministic algorithms involve hashing or lookups on the
   incoming requests to choose the target server. However, this is not always the
   case; "static-rr", for example, can be also considered as deterministic because
   the server choice is based on the server's static weight, making the selection
@@ -15141,7 +15141,7 @@ pause { <timeout> | <expr> }
   Usable in:  QUIC Ini|    TCP RqCon| RqSes| RqCnt| RsCnt|    HTTP Req| Res| Aft
                     - |          -  |   -  |   -  |   -  |          X |  X |  -
 
-  This suspends the message analysis for the sepcified number of milliseconds.
+  This suspends the message analysis for the specified number of milliseconds.
   The timeout can be specified in milliseconds or with any other unit if the
   number is suffixed by the unit as explained at the top of this document. It
   is also possible to write an expression which must return a number
@@ -16562,7 +16562,7 @@ crt-list <file>
     Server Name Indication field matching one of the SNI filters, or the CN and
     SAN of a <crtfile>. The matching algorithm first looks for a positive domain
     entry in the list, if not found it will try to look for a wildcard in the
-    list. If a wilcard match, haproxy checks for a negative filter from the
+    list. If a wildcard match, haproxy checks for a negative filter from the
     same line and unmatch if necessary. In case of multiple key algorithms
     (RSA,ECDSA,DSA), HAProxy will try to match one certificate per type and
     chose the right one depending on what is supported by the client.
@@ -16577,7 +16577,7 @@ crt-list <file>
     certificate, either from crt or crt-list option.
     It is also possible to declare a '*' filter, which will add this
     certificate to the list of default certificates. To clarify the
-    configuration, the default certificates could be explicited (with a '*'
+    configuration, the default certificates could be explicit (with a '*'
     filter) at the beginning of the list, so an implicit default is not added
     before.
     Due to multi-cert bundles being duplicated for each algorithm in the
@@ -17181,7 +17181,7 @@ tls-tickets
   This setting is only available when support for OpenSSL was built in. It
   enables the stateless session resumption (RFC 5077 TLS Ticket extension). It
   is the default, but it may be needed to selectively re-enable the feature on
-  a "bind" line if it had been globaly disabled via "no-tls-tickets" mentioned
+  a "bind" line if it had been globally disabled via "no-tls-tickets" mentioned
   in "ssl-default-bind-options". See also the "no-tls-tickets" bind keyword.
 
 tls-ticket-keys <keyfile>
@@ -18078,10 +18078,10 @@ no-renegotiate
 
   This setting is only available when support for OpenSSL was built in. It
   disables the renegotiation mechanisms, be it the legacy unsafe one or the
-  more recent "secure renegotation" one (RFC 5746 TLS Renegotiation Indication
+  more recent "secure renegotiation" one (RFC 5746 TLS Renegotiation Indication
   Extension) for the given SSL backend. This option is also available on global
   statement "ssl-default-server-options".
-  Renegotiation is not posible anymore in TLS 1.3.
+  Renegotiation is not possible anymore in TLS 1.3.
   If neither "renegotiate" nor "no-renegotiate" is specified, the SSL library's
   default behavior is kept.
   Note that for instance OpenSSL library enables secure renegotiation by
@@ -18425,7 +18425,7 @@ renegotiate
   backends to renegotiate when servers request it. It still requires that the
   underlying SSL library actually supports renegotiation.
   This option is also available on global statement "ssl-default-server-options".
-  Renegotiation is not posible anymore in TLS 1.3.
+  Renegotiation is not possible anymore in TLS 1.3.
   If neither "renegotiate" nor "no-renegotiate" is specified, the SSL library's
   default behavior is kept.
   Note that for instance OpenSSL library enables secure renegotiation by
@@ -29690,7 +29690,7 @@ table <tablename> type {ip | integer | string [len <length>] | binary [len <leng
 The sections described below are less commonly used and usually support only a
 few parameters. There is no implicit relation between any of them. They're all
 started using a single keyword. None of them is permitted before a "global"
-section. The support for some of them might be conditionned by build options
+section. The support for some of them might be conditioned by build options
 (e.g. anything SSL-related).
 
 12.1. Traces

doc/lua-api/index.rst

@@ -935,7 +935,7 @@ Core class
   Give back the hand at the HAProxy scheduler. Unlike :js:func:`core.yield`
   the task will not be woken up automatically to resume as fast as possible.
   Instead, it will wait for an event to wake the task. If milliseconds argument
-  is provided then the Lua excecution will be automatically resumed passed this
+  is provided then the Lua execution will be automatically resumed passed this
   delay even if no event caused the task to wake itself up.
 
   :param integer milliseconds: automatic wakeup passed this delay. (optional)
@@ -945,7 +945,7 @@ Core class
   **context**: task, action
 
   Give back the hand at the HAProxy scheduler. It is used when the LUA
-  processing consumes a lot of processing time. Lua excecution will be resumed
+  processing consumes a lot of processing time. Lua execution will be resumed
   automatically (automatic reschedule).
 
 .. js:function:: core.parse_addr(address)

doc/management.txt

@@ -2371,7 +2371,7 @@ prompt [help | n | i | p | timed]*
 
   Without any option, this will cycle through prompt mode then non-interactive
   mode. In non-interactive mode, the connection is closed after the last
-  command of the current line compltes. In interactive mode, the connection is
+  command of the current line completes. In interactive mode, the connection is
   not closed after a command completes, so that a new one can be entered. In
   prompt mode, the interactive mode is still in use, and a prompt will appear
   at the beginning of the line, indicating to the user that the interpreter is

include/haproxy/stick_table-t.h

@@ -226,7 +226,7 @@ struct stktable {
 	unsigned int update;      /* uses updt_lock */
 	unsigned int localupdate; /* uses updt_lock */
 	unsigned int commitupdate;/* used to identify the latest local updates pending for sync, uses updt_lock */
-	struct tasklet *updt_task;/* tasklet responsable for pushing the pending updates into the tree */
+	struct tasklet *updt_task;/* tasklet responsible for pushing the pending updates into the tree */
 
 	THREAD_ALIGN(64);
 	/* this lock is heavily used and must be on its own cache line */

reg-tests/jwt/jws_verify.vtc

@@ -90,7 +90,7 @@ haproxy h1 -conf {
 
         # Variables
         # This first case only works because the certificate
-        # is already explicitely used in a previous jwt_verify call.
+        # is already explicitly used in a previous jwt_verify call.
         http-response set-var(txn.cert) str("${testdir}/cert.rsa.pem")
         http-response set-header x-jwt-verify-RS256-var1 %[var(txn.bearer),jwt_verify(txn.jwt_alg,txn.cert)] if { var(txn.jwt_alg) -m str "RS256" }
         http-response set-var(txn.cert) str("@named_store${testdir}/cert.rsa.pem")

src/acme.c

@@ -193,7 +193,7 @@ static int cfg_parse_acme(const char *file, int linenum, char **args, int kwm)
 
 		/* first check if the ID was already used */
 		if (cur_acme->linenum > 0) {
-			/* an unitialized section is created when parsing the "acme" keyword in a crt-store, with a
+			/* an uninitialized section is created when parsing the "acme" keyword in a crt-store, with a
 			 * linenum <= 0, however, when the linenum > 0, it means we already created a section with this
 			 * name */
 			err_code |= ERR_ALERT | ERR_FATAL;

src/cli.c

@@ -789,7 +789,7 @@ static int cli_process_cmdline(struct appctx *appctx)
 		i++;
 	}
 	/* Pass the payload to the last command. It happens when the end of the
-	 * commend is just before the payload pattern.
+	 * command is just before the payload pattern.
 	 */
 	if (appctx->cli_ctx.payload && appctx->cli_ctx.payload == end + strlen(appctx->cli_ctx.payload_pat) + 3) {
 		appctx->st1 |= APPCTX_CLI_ST1_LASTCMD;
@@ -1030,7 +1030,7 @@ int cli_parse_cmdline(struct appctx *appctx)
 					appctx->cli_ctx.payload_pat[sizeof(appctx->cli_ctx.payload_pat)-1] = '\0';
 
 					/* The last command finishes before the payload pattern.
-					 * Dont' strip trailing spaces to be sure to detect when
+					 * Don't strip trailing spaces to be sure to detect when
 					 * the payload should be used.
 					 */
 					*last_arg = '\0';
@@ -1049,7 +1049,7 @@ int cli_parse_cmdline(struct appctx *appctx)
 			str[len] = '\0';
 
 			/* look for a pattern at the end of the payload
-			 * (take care to exclue last character because it is a \n)
+			 * (take care to exclude the last character because it is a \n)
 			 */
 			if (len-1 == strlen(appctx->cli_ctx.payload_pat)) {
 				if (strncmp(str, appctx->cli_ctx.payload_pat, len-1) == 0) {

src/http_ana.c

@@ -1022,7 +1022,7 @@ int http_request_forward_body(struct stream *s, struct channel *req, int an_bit)
 		/* request errors are most likely due to the server aborting the
 		 * transfer. But handle server aborts only if the response was
 		 * not received yet. Otherwise, let the response analyzer the
-		 * responsability to handle the error. It is especially
+		 * responsibility to handle the error. It is especially
 		 * important to properly handle L7-retries but also K/A silent close.
 		 */
 		if (txn->rsp.msg_state >= HTTP_MSG_BODY && htx_is_empty(htxbuf(&s->res.buf)))
@@ -1065,7 +1065,7 @@ int http_request_forward_body(struct stream *s, struct channel *req, int an_bit)
 	/* waiting for the last bits to leave the buffer */
 	if (s->scb->flags & SC_FL_SHUT_DONE) {
 		/* Handle server aborts only if the response was not received
-		 * yet. Otherwise, let the response analyzer the responsability
+		 * yet. Otherwise, let the response analyzer the responsibility
 		 * to handle the error. It is especially important to properly
 		 * handle L7-retries but also K/A silent close.
 		 */

src/jwt.c

@@ -289,7 +289,7 @@ static int jwt_tree_tryload_store(struct jwt_cert_tree_entry *jwt_entry)
 }
 
 /* Update the ckch_store and public key reference of a jwt_entry. This is only
- * useful whne updating a certificate from the CLI if it was being used for JWT
+ * useful when updating a certificate from the CLI if it was being used for JWT
  * validation.
  */
 void jwt_replace_ckch_store(struct ckch_store *old_ckchs, struct ckch_store *new_ckchs)

src/mux_quic.c

@@ -3709,7 +3709,7 @@ static int qmux_strm_attach(struct connection *conn, struct sedesc *sd, struct s
 	TRACE_ENTER(QMUX_EV_QCS_NEW, conn);
 
 	/* Flow control limit on bidi streams should already have
-	 * been checked by a prior qmux_avail_streams() invokation.
+	 * been checked by a prior qmux_avail_streams() invocation.
 	 */
 	BUG_ON(!qcc_fctl_avail_streams(qcc, 1));
 

src/proxy.c

@@ -1705,7 +1705,7 @@ void proxy_unref_defaults(struct proxy *px)
 /* prepares a new proxy <name> of type <cap> from the provided <px>
  * pointer.
  * <px> is assumed to be freshly allocated
- * <name> may be NULL: proxy id assigment will be skipped.
+ * <name> may be NULL: proxy id assignment will be skipped.
  *
  * Returns a 1 on success or 0 on failure (in which case errmsg must be checked
  * then freed).

src/quic_conn.c

@@ -1067,7 +1067,7 @@ struct task *qc_process_timer(struct task *task, void *ctx, unsigned int state)
  * Endpoints addresses are specified via <local_addr> and <peer_addr>.
  * Returns the connection if succeeded, NULL if not.
  * For QUIC clients, <dcid>, <scid>, <token_odcid>, <conn_id> must be null,
- * and <token> value must be 0. This is the responsability of the caller to ensure
+ * and <token> value must be 0. This is the responsibility of the caller to ensure
  * this is the case.
  */
 struct quic_conn *qc_new_conn(const struct quic_version *qv, int ipv4,
@@ -1539,7 +1539,7 @@ int quic_conn_release(struct quic_conn *qc)
 		HA_ATOMIC_DEC(&__objt_listener(qc->target)->rx.quic_curr_accept);
 	}
 
-	/* Substract last congestion window from global memory counter. */
+	/* Subtract last congestion window from global memory counter. */
 	if (qc->path) {
 		cshared_add(&quic_mem_diff, -qc->path->cwnd);
 		qc->path->cwnd = 0;

src/quic_ssl.c

@@ -1120,7 +1120,7 @@ int qc_ssl_provide_all_quic_data(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
 	return ret;
 }
 
-/* Simple helper to set the specifig OpenSSL/quictls QUIC API callbacks */
+/* Simple helper to set the specific OpenSSL/quictls QUIC API callbacks */
 static int quic_ssl_set_tls_cbs(SSL *ssl)
 {
 #ifdef HAVE_OPENSSL_QUIC

src/quic_tx.c

@@ -711,7 +711,7 @@ static int qc_prep_pkts(struct quic_conn *qc, struct buffer *buf,
 			 * conditions are verified (see qc_do_build_pkt()).
 			 *
 			 * For clients:
-			 * <padding> must be set to 1 only the current packet cannot be coalesed,
+			 * <padding> must be set to 1 only the current packet cannot be coalesced,
 			 * i.e. if the next qel is not present or empty.
 			 */
 			cur_pkt = qc_build_pkt(&pos, end, qel, tls_ctx, frms,

src/server.c

@@ -3022,7 +3022,7 @@ void srv_settings_cpy(struct server *srv, const struct server *src, int srv_tmpl
 	}
 }
 
-/* allocate a server, attachs it to the global servers_list
+/* Allocates a server, attaches it to the global servers_list
  * and adds it to <proxy> server list. Before deleting the server with
  * srv_drop(), srv_detach() must be called to remove it from the parent
  * proxy list

src/ssl_ckch.c

@@ -1046,7 +1046,7 @@ struct ckch_store *ckchs_dup(const struct ckch_store *src)
 	dst->conf.ocsp_update_mode = src->conf.ocsp_update_mode;
 
         /* copy ckch_conf
-	 * XXX: could be automated for each fiedl with the
+	 * XXX: could be automated for each field with the
          * ckch_conf array used for parsing */
 
         if (src->conf.crt)