Hello,

Am 30.04.2017 um 22:16 schrieb Daniel Schneller:
> Hi!
>
> Yes, you got it right. I have no idea if there are technical limitations in 
> the SSL library or other parts of the code that would make several 
> certificate/key pairs for the same domain infeasible. 
>
> If there were hard restrictions, it could certainly be done "externally" with 
> a set of clever scripts and haproxy reloads, but IMO it would be a less 
> brittle solution if it were built right in. Also, it wouldn't require 
> separate scripts per platform and init system (SysV, systemd, …). 
>
> Daniel

Similar to the "Certificate order" thread, this is a very specific
requirement that only a handful of people require and it is imho best
achieved with external configuration tools. If we implement everyone of
those use-cases we are gonna transform haproxy into Microsoft Office.

I'm opposed to heavy feature-bloating for provisioning use-cases, that
can quite easily fixed where the fix belongs - the provisioning layer.


Those are just my two cents though ...


cheers,
lukas


Reply via email to