haproxy/doc
Joao Morais e51fab0a4a DOC: clarify how to create a fallback crt
HAProxy uses CN and SAN of the certificates to match incoming SNI, and
use the matching certificate in the TLS handshake. `crt-list` goes
further and allows to configure SNI filters to explicitly define the
FQDNs that should match a certificate.

The first declared certificate of the `crt-list` option follows the same
rules, and it's also used as a fallback - the certificate that should be
used if SNI isn't provided or the provided one cannot match any
certificate or SNI filter. If a provided SNI matches the CN or SAN of
the first certificate, the first certificate would be used even if a
matching SNI filter is declared later.

This change clarifies this scenario and documents a filter that can be
used to convert the first declared certificate as a proper fallback.

Should be merged as far as the first SNI filter implementation.
2020-11-21 15:29:22 +01:00
..
design-thoughts DOC: assorted typo fixes in the documentation 2020-03-09 14:45:58 +01:00
internals [RELEASE] Released version 2.3-dev7 2020-10-17 10:31:50 +02:00
lua-api DOC: assorted typo fixes in the documentation 2020-06-26 11:27:10 +02:00
51Degrees-device-detection.txt CLEANUP: 51d: move the 51d dummy lib to contrib/51d/src to match the real lib 2019-06-13 15:56:10 +02:00
acl.fig
architecture.txt DOC: Use gender neutral language 2020-07-26 22:35:43 +02:00
close-options.txt
coding-style.txt DOC: coding-style: update a few rules about pointers 2020-11-18 19:59:38 +01:00
configuration.txt DOC: clarify how to create a fallback crt 2020-11-21 15:29:22 +01:00
cookie-options.txt
DeviceAtlas-device-detection.txt DOC: fix typos 2019-05-25 07:34:24 +02:00
gpl.txt
haproxy.1 DOC: add description of pidfile in master-worker mode 2020-08-26 18:40:53 +02:00
intro.txt [RELEASE] Released version 2.4-dev0 2020-11-05 17:20:35 +01:00
lgpl.txt
linux-syn-cookies.txt
lua.txt [RELEASE] Released version 2.3-dev2 2020-07-31 14:48:32 +02:00
management.txt MEDIUM: cli/ssl: configure ssl on server at runtime 2020-11-18 17:22:28 +01:00
netscaler-client-ip-insertion-protocol.txt DOC: fix typos 2019-05-25 07:34:24 +02:00
network-namespaces.txt
peers-v2.0.txt DOC: Use gender neutral language 2020-07-26 22:35:43 +02:00
peers.txt DOC: peers: Update for dictionary cache entries for peers protocol. 2019-06-07 15:47:54 +02:00
proxy-protocol.txt DOC: Use gender neutral language 2020-07-26 22:35:43 +02:00
queuing.fig
regression-testing.txt DOC: assorted typo fixes in the documentation and Makefile 2020-03-06 10:49:55 +01:00
seamless_reload.txt CLEANUP: removed obsolete examples an move a few to better places 2019-06-15 21:25:06 +02:00
SOCKS4.protocol.txt MEDIUM: connection: Upstream SOCKS4 proxy support 2019-05-31 17:24:06 +02:00
SPOE.txt DOC: assorted typo fixes in the documentation 2020-06-26 11:27:10 +02:00
WURFL-device-detection.txt DOC: fix typos 2019-05-25 07:34:24 +02:00