DOC: configuration: add details about crt-store in bind "crt" keyword

Add some details about the certificate storage cache system in the "crt" bind keyword. This should be backported to 3.0. Fix issue #2618.
2025-08-05 22:56:57 +02:00 · 2024-07-01 12:17:00 +02:00 · 2024-07-01 12:17:00 +02:00 · ba37ad41b2
commit ba37ad41b2
parent b789cef91f
1 changed files with 9 additions and 2 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -15945,8 +15945,15 @@ crl-file <crlfile>
  list for every certificate of your certificate authority chain.

 crt <cert>
-  This setting is only available when support for OpenSSL was built in. It
-  designates a PEM file containing both the required certificates and any
+  This setting is only available when support for OpenSSL was built in.
+
+  HAProxy uses a cache system, the files are loaded only once in the certificate
+  storage, and each next "crt" keyword will use this cached version. When the
+  certificate was declared in a "crt-store", the certificate storage is
+  populated from there and don't try to load additional files by detecting file
+  extensions.
+
+  It designates a PEM file containing both the required certificates and any
  associated private keys. This file can be built by concatenating multiple
  PEM files into one (e.g. cat cert.pem key.pem > combined.pem). If your CA
  requires an intermediate certificate, this can also be concatenated into this