DOC: configuration: add a warning for @system-ca on bind
Add a warning on @system-ca on the bind line so people don't use it this
way.
diff --git a/doc/configuration.txt b/doc/configuration.txt
index d9fd06d..c289523 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -13872,6 +13872,13 @@
CAs, in this case HAProxy will try to load every ".pem", ".crt", ".cer", and
.crl" available in the directory, files starting with a dot are ignored.
+ Warning: The "@system-ca" parameter could be used in place of the cafile
+ in order to use the trusted CAs of your system, like its done with the server
+ directive. But you mustn't use it unless you know what you are doing.
+ Configuring it this way basically mean that the bind will accept any client
+ certificate generated from one of the CA present on your system, which is
+ extremely unsecure.
+
ca-ignore-err [all|<errorID>,...]
This setting is only available when support for OpenSSL was built in.
Sets a comma separated list of errorIDs to ignore during verify at depth > 0.