mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-20 13:21:29 +02:00
Code Issues Projects Releases Wiki Activity

DOC: configuration: reword 'generate-certificates'

Browse Source 
Reword the 'generate-certificates' keyword documentation to clarify
what's happening upon error.

This was discussed in ticket #3082.
This commit is contained in:
William Lallemand 2025-08-27 10:56:24 +02:00
parent 2cd0afb430
commit c36e4fb17f
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
doc/configuration.txt
View File

@ -16693,8 +16693,12 @@ generate-certificates
name mismatch on the certificate presented to the client. With this option
enabled, HAProxy will try to forge a certificate using the SNI hostname
indicated by the client. This is done only if no certificate matches the SNI
hostname (see 'crt-list'). If an error occurs, the default certificate is
used, else the 'strict-sni' option is set.
hostname (see 'crt-list').
In the event of a certificate generation error, the connection will fall back
on the default certificate. When using 'strict-sni', the default certificate
will not be used and the connection will result in a handshake failure.
It can also be used when HAProxy is configured as a reverse proxy to ease the
deployment of an architecture with many backends.