DOC: ssl: add fetch and ACL 'ssl_verify_result'

2025-08-09 08:37:04 +02:00 · 2012-09-28 18:14:24 +02:00 · 2012-09-28 18:14:24 +02:00 · c68af8db6f
commit c68af8db6f
parent baf8ffb673
1 changed files with 8 additions and 0 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -8190,6 +8190,10 @@ ssl_sni_req <regex>
  haproxy and not to SSL contents being blindly forwarded. This requires that
  the SSL library is build with support for TLS extensions (check haproxy -vv).

+ssl_verify_result <errorID>
+  Returns true when the incoming connection was made over an SSL/TLS data layer
+  and the verify result match the errorID.
+
 wait_end
  Waits for the end of the analysis period to return true. This may be used in
  conjunction with content analysis to avoid returning a wrong verdict early.
@ -8804,6 +8808,10 @@ The list of currently supported pattern fetch functions is the following :
               host name (253 chars or less). The SSL library must have been
               built with support for TLS extensions (check haproxy -vv).

+  ssl_verify_result
+               Returns the verify result errorID when the incoming connection
+               was made over an SSL/TLS data layer.
+
  url          This extracts the request's URL as presented in the request. A
               typical use is with prefetch-capable caches, and with portals
               which need to aggregate multiple information from databases and