mirror of
https://github.com/haproxy/haproxy.git
synced 2026-02-09 22:04:13 -05:00
31af49d62b
With this patch, it is possible to configure HAProxy to forge the SSL certificate sent to a client using the SNI servername. We do it in the SNI callback. To enable this feature, you must pass following BIND options: * ca-sign-file <FILE> : This is the PEM file containing the CA certitifacte and the CA private key to create and sign server's certificates. * (optionally) ca-sign-pass <PASS>: This is the CA private key passphrase, if any. * generate-certificates: Enable the dynamic generation of certificates for a listener. Because generating certificates is expensive, there is a LRU cache to store them. Its size can be customized by setting the global parameter 'tune.ssl.ssl-ctx-cache-size'. |
||
|---|---|---|
| .. | ||
| design-thoughts | ||
| internals | ||
| lua-api | ||
| acl.fig | ||
| architecture.txt | ||
| close-options.txt | ||
| coding-style.txt | ||
| configuration.txt | ||
| cookie-options.txt | ||
| gpl.txt | ||
| haproxy-en.txt | ||
| haproxy-fr.txt | ||
| haproxy.1 | ||
| lgpl.txt | ||
| network-namespaces.txt | ||
| proxy-protocol.txt | ||
| queuing.fig | ||