> On 14 June 2017 at 13:58, Dennis Jacobfeuerborn <denni...@conversis.de> wrote:
> 
> On 12.06.2017 16:21, Emmanuel Hocdet wrote:
>> In haproxy 1.8dev, default certificate can now be optional.
>> This patch allows that.
> 
> This looks like a big footgun. While the idea is interesting and useful,
> if this is to be considered at all, this behavior should only be allowed
> after the user explicitly opted into it by setting a special flag like
> "allowmissingcerts" or something like that.
> 
> Regards,
>  Dennis

What are you talking about? 
The default certificate is the first parsed certificate and is mandatory.
Starting haproxy without a certificate fails.
Now you can start without a certificate. The default certificate will always be
the first parsed certificate in the next haproxy reloads.

Manu

