From ed8bfadd8d17fc59b8a1f57bb2476cd7df1ce190 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Thu, 16 Sep 2021 17:30:51 +0200 Subject: [PATCH] DOC: management: certificate files must be sanitized before injection A lot of people encounter problems when trying to inject a certificate file which contains extra informations or empty lines. This patch adds a paragraph and a sanitizing example. Must be backported as far as 2.1. --- doc/management.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc/management.txt b/doc/management.txt index c7a8e4884..a71307169 100644 --- a/doc/management.txt +++ b/doc/management.txt @@ -2189,7 +2189,19 @@ set ssl cert Once the modification are done, you have to "commit ssl cert" the transaction. + Injection of files over the CLI must be done with caution since an empty line + is used to notify the end of the payload. It is recommended to inject a PEM + file which has been sanitized. A simple method would be to remove every empty + line and only leave what are in the PEM sections. It could be achieved with a + sed command. + Example: + + # With some simple sanitizing + echo -e "set ssl cert localhost.pem <<\n$(sed -n '/^$/d;/-BEGIN/,/-END/p' 127.0.0.1.pem)\n" | \ + socat /var/run/haproxy.stat - + + # Complete example with commit echo -e "set ssl cert localhost.pem <<\n$(cat 127.0.0.1.pem)\n" | \ socat /var/run/haproxy.stat - echo -e \
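Review bot: The "# Complete example with commit" at the end of the hunk still injects `$(cat 127.0.0.1.pem)` unsanitized, which is exactly the pattern the new paragraph warns against. Readers tend to copy the complete example, so it should use the same `$(sed -n '/^$/d;/-BEGIN/,/-END/p' 127.0.0.1.pem)` substitution, or at least carry a comment saying the file is assumed to be already sanitized. Also, `/^$/d` removes only zero-length lines, so a line holding just spaces or a carriage return inside a PEM block is still printed by the range match; if such lines should be stripped as well, `/^[[:space:]]*$/d` covers them. Minor wording in the added paragraph: "only leave what are in the PEM sections" reads better as "keep only what is inside the PEM sections".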