DOC: management: certificate files must be sanitized before injection
A lot of people encounter problems when trying to inject a certificate
file which contains extra informations or empty lines.
This patch adds a paragraph and a sanitizing example.
Must be backported as far as 2.1.
(cherry picked from commit ed8bfadd8d17fc59b8a1f57bb2476cd7df1ce190)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/doc/management.txt b/doc/management.txt
index 7f66230..38af652 100644
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -2031,7 +2031,19 @@
Once the modification are done, you have to "commit ssl cert" the
transaction.
+ Injection of files over the CLI must be done with caution since an empty line
+ is used to notify the end of the payload. It is recommended to inject a PEM
+ file which has been sanitized. A simple method would be to remove every empty
+ line and only leave what are in the PEM sections. It could be achieved with a
+ sed command.
+
Example:
+
+ # With some simple sanitizing
+ echo -e "set ssl cert localhost.pem <<\n$(sed -n '/^$/d;/-BEGIN/,/-END/p' 127.0.0.1.pem)\n" | \
+ socat /var/run/haproxy.stat -
+
+ # Complete example with commit
echo -e "set ssl cert localhost.pem <<\n$(cat 127.0.0.1.pem)\n" | \
socat /var/run/haproxy.stat -
echo -e \