On 12.06.2017 16:21, Emmanuel Hocdet wrote: > In haproxy 1.8dev, default certificate can now be optional. > This patch allow that.
This looks like a big footgun. While the idea is interesting and useful if this is to be considered at all this behavior should only be allowed after the user explicitly opted into it by setting a special flag like "allowmissingcerts" or something like that. Regards, Dennis