BUG/MINOR: config: crt-list keywords mistaken for bind ssl keywords
authorWilliam Lallemand <wlallemand@haproxy.org>
Mon, 13 Feb 2023 14:24:01 +0000 (15:24 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Thu, 16 Feb 2023 15:14:37 +0000 (16:14 +0100)
commit44979ad680c1abcb33b2a2b2308bd3164f1f9465
tree7fb2a76982d263e5aea06a6c5af73df46d3cba70
parentaf678066518ea5569005b5e43c140a8facb2ee61
BUG/MINOR: config: crt-list keywords mistaken for bind ssl keywords

This patch fixes an issue in the "-dK" keywords dumper, which was
mistakenly displaying the "crt-list" keywords as "bind ssl" keywords.

The patch fixes the issue by dumping the "crt-list" keywords in their own
section, and dumping the "bind" keywords which are in the "SSL" scope
with a "bind ssl" prefix.

This commit depends on the previous "MINOR: ssl: rename confusing
ssl_bind_kws" commit.

Must be backported in 2.6.

Diff of the `./haproxy -dKall -q -c -f /dev/null` output before and
after the patch in 2.8-dev4:

     | @@ -190,30 +190,9 @@ listen
     |   use-fcgi-app
     |   bind <addr> accept-netscaler-cip +1
     |   bind <addr> accept-proxy
     | - bind <addr> allow-0rtt
     | - bind <addr> alpn +1
     |   bind <addr> backlog +1
     | - bind <addr> ca-file +1
     | - bind <addr> ca-ignore-err +1
     | - bind <addr> ca-sign-file +1
     | - bind <addr> ca-sign-pass +1
     | - bind <addr> ca-verify-file +1
     | - bind <addr> ciphers +1
     | - bind <addr> ciphersuites +1
     | - bind <addr> crl-file +1
     | - bind <addr> crt +1
     | - bind <addr> crt-ignore-err +1
     | - bind <addr> crt-list +1
     | - bind <addr> curves +1
     |   bind <addr> defer-accept
     | - bind <addr> ecdhe +1
     |   bind <addr> expose-fd +1
     | - bind <addr> force-sslv3
     | - bind <addr> force-tlsv10
     | - bind <addr> force-tlsv11
     | - bind <addr> force-tlsv12
     | - bind <addr> force-tlsv13
     | - bind <addr> generate-certificates
     |   bind <addr> gid +1
     |   bind <addr> group +1
     |   bind <addr> id +1
     | @@ -225,48 +204,52 @@ listen
     |   bind <addr> name +1
     |   bind <addr> namespace +1
     |   bind <addr> nice +1
     | - bind <addr> no-ca-names
     | - bind <addr> no-sslv3
     | - bind <addr> no-tls-tickets
     | - bind <addr> no-tlsv10
     | - bind <addr> no-tlsv11
     | - bind <addr> no-tlsv12
     | - bind <addr> no-tlsv13
     | - bind <addr> npn +1
     | - bind <addr> prefer-client-ciphers
     |   bind <addr> process +1
     |   bind <addr> proto +1
     |   bind <addr> severity-output +1
     |   bind <addr> shards +1
     | - bind <addr> ssl
     | - bind <addr> ssl-max-ver +1
     | - bind <addr> ssl-min-ver +1
     | - bind <addr> strict-sni
     |   bind <addr> tcp-ut +1
     |   bind <addr> tfo
     |   bind <addr> thread +1
     | - bind <addr> tls-ticket-keys +1
     |   bind <addr> transparent
     |   bind <addr> uid +1
     |   bind <addr> user +1
     |   bind <addr> v4v6
     |   bind <addr> v6only
     | - bind <addr> verify +1
     |   bind <addr> ssl allow-0rtt
     |   bind <addr> ssl alpn +1
     |   bind <addr> ssl ca-file +1
     | + bind <addr> ssl ca-ignore-err +1
     | + bind <addr> ssl ca-sign-file +1
     | + bind <addr> ssl ca-sign-pass +1
     |   bind <addr> ssl ca-verify-file +1
     |   bind <addr> ssl ciphers +1
     |   bind <addr> ssl ciphersuites +1
     |   bind <addr> ssl crl-file +1
     | + bind <addr> ssl crt +1
     | + bind <addr> ssl crt-ignore-err +1
     | + bind <addr> ssl crt-list +1
     |   bind <addr> ssl curves +1
     |   bind <addr> ssl ecdhe +1
     | + bind <addr> ssl force-sslv3
     | + bind <addr> ssl force-tlsv10
     | + bind <addr> ssl force-tlsv11
     | + bind <addr> ssl force-tlsv12
     | + bind <addr> ssl force-tlsv13
     | + bind <addr> ssl generate-certificates
     |   bind <addr> ssl no-ca-names
     | + bind <addr> ssl no-sslv3
     | + bind <addr> ssl no-tls-tickets
     | + bind <addr> ssl no-tlsv10
     | + bind <addr> ssl no-tlsv11
     | + bind <addr> ssl no-tlsv12
     | + bind <addr> ssl no-tlsv13
     |   bind <addr> ssl npn +1
     | - bind <addr> ssl ocsp-update +1
     | + bind <addr> ssl prefer-client-ciphers
     |   bind <addr> ssl ssl-max-ver +1
     |   bind <addr> ssl ssl-min-ver +1
     | + bind <addr> ssl strict-sni
     | + bind <addr> ssl tls-ticket-keys +1
     |   bind <addr> ssl verify +1
     |   server <name> <addr> addr +1
     |   server <name> <addr> agent-addr +1
     | @@ -591,6 +574,23 @@ listen
     |   http-after-response unset-var*
     |  userlist
     |  peers
     | +crt-list
     | + allow-0rtt
     | + alpn +1
     | + ca-file +1
     | + ca-verify-file +1
     | + ciphers +1
     | + ciphersuites +1
     | + crl-file +1
     | + curves +1
     | + ecdhe +1
     | + no-ca-names
     | + npn +1
     | + ocsp-update +1
     | + ssl-max-ver +1
     | + ssl-min-ver +1
     | + verify +1
     |  # List of registered CLI keywords:
     |  @!<pid> [MASTER]
     |  @<relative pid> [MASTER]
include/haproxy/cfgparse.h
src/cfgparse.c