From 35d21a8bc0025457dde60016b70868f812b7732d Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Fri, 14 Nov 2025 10:43:09 +0100
Subject: [PATCH] DOC: configuration: add missing openssl_version predicates

Add missing openssl_version_atleast() and  openssl_version_before()
predicates.

The predicates exist since 3aeb3f9347 ("MINOR: cfgcond: implements
openssl_version_atleast and openssl_version_before").

Must be backported in every stable versions.
---
 doc/configuration.txt | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 3bc667a70..59ffcf74e 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -1185,6 +1185,21 @@ The list of currently supported predicates is the following:
                             in the features list reported by "haproxy -vv"
                             (which means a <name> appears after a '+')
 
+  - openssl_version_atleast(<ver>) : returns true if the current openssl
+                            version is at least as recent as <ver> otherwise
+                            false.
+                            Libraries like LibreSSL, AWS-LC and WolfSSL also
+                            provide a pseudo OpenSSL version.
+                            Example:
+                              ssllib_name_startswith(OpenSSL) && openssl_version_atleast(1.1.1)
+
+  - openssl_version_before(<ver>) : returns true if the current openssl
+                            version is strictly older than <ver> otherwise
+                            false.
+                            Libraries like LibreSSL, AWS-LC and WolfSSL also
+                            provide a pseudo OpenSSL version.
+                            Example: openssl_version_before(3.5.0)
+
   - ssllib_name_startswith(<name>)  : return true if the SSL library name
                             HAProxy was linked with, starts with <name>.
                             Example: ssllib_name_startswith(wolfSSL)