DOC: configuration: add details about crt-store in bind "crt" keyword

Add some details about the certificate storage cache system in the "crt"
bind keyword.

This should be backported to 3.0. Fix issue #2618.

(cherry picked from commit ba37ad41b26a6ba83581821c13426a7fbe4d2494)
Signed-off-by: William Lallemand <wlallemand@haproxy.com>

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 8a60a6e..c8cef14 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -15941,8 +15941,15 @@ crl-file <crlfile>
   list for every certificate of your certificate authority chain.
 
 crt <cert>
-  This setting is only available when support for OpenSSL was built in. It
-  designates a PEM file containing both the required certificates and any
+  This setting is only available when support for OpenSSL was built in.
+
+  HAProxy uses a cache system, the files are loaded only once in the certificate
+  storage, and each next "crt" keyword will use this cached version. When the
+  certificate was declared in a "crt-store", the certificate storage is
+  populated from there and don't try to load additional files by detecting file
+  extensions.
+
+  It designates a PEM file containing both the required certificates and any
   associated private keys. This file can be built by concatenating multiple
   PEM files into one (e.g. cat cert.pem key.pem > combined.pem). If your CA
   requires an intermediate certificate, this can also be concatenated into this