mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-20 13:21:29 +02:00
Code Issues Projects Releases Wiki Activity

DOC: configuration: reword 'generate-certificates'

Browse Source 
Reword the 'generate-certificates' keyword documentation to clarify
what's happening upon error.

This was discussed in ticket #3082.
This commit is contained in:
William Lallemand 2025-08-27 10:56:24 +02:00
parent 2cd0afb430
commit c36e4fb17f
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
doc/configuration.txt
View File

@ -16693,8 +16693,12 @@ generate-certificates
name mismatch on the certificate presented to the client. With this option name mismatch on the certificate presented to the client. With this option
enabled, HAProxy will try to forge a certificate using the SNI hostname enabled, HAProxy will try to forge a certificate using the SNI hostname
indicated by the client. This is done only if no certificate matches the SNI indicated by the client. This is done only if no certificate matches the SNI
hostname (see 'crt-list'). If an error occurs, the default certificate is hostname (see 'crt-list').
used, else the 'strict-sni' option is set.
In the event of a certificate generation error, the connection will fall back
on the default certificate. When using 'strict-sni', the default certificate
will not be used and the connection will result in a handshake failure.
It can also be used when HAProxy is configured as a reverse proxy to ease the It can also be used when HAProxy is configured as a reverse proxy to ease the
deployment of an architecture with many backends. deployment of an architecture with many backends.