From c68af8db6f5a2f3d616404c70af7fc34c31de1e3 Mon Sep 17 00:00:00 2001
From: Emeric Brun <ebrun@exceliance.fr>
Date: Fri, 28 Sep 2012 18:14:24 +0200
Subject: [PATCH] DOC: ssl: add fetch and ACL 'ssl_verify_result'

---
 doc/configuration.txt | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 9cc77d0d8..4675bd38a 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -8190,6 +8190,10 @@ ssl_sni_req <regex>
   haproxy and not to SSL contents being blindly forwarded. This requires that
   the SSL library is build with support for TLS extensions (check haproxy -vv).
 
+ssl_verify_result <errorID>
+  Returns true when the incoming connection was made over an SSL/TLS data layer
+  and the verify result match the errorID.
+
 wait_end
   Waits for the end of the analysis period to return true. This may be used in
   conjunction with content analysis to avoid returning a wrong verdict early.
@@ -8804,6 +8808,10 @@ The list of currently supported pattern fetch functions is the following :
                host name (253 chars or less). The SSL library must have been
                built with support for TLS extensions (check haproxy -vv).
 
+  ssl_verify_result
+               Returns the verify result errorID when the incoming connection
+               was made over an SSL/TLS data layer.
+
   url          This extracts the request's URL as presented in the request. A
                typical use is with prefetch-capable caches, and with portals
                which need to aggregate multiple information from databases and