On Sat, Jun 03, 2023 at 01:50:48PM +0200, William Lallemand wrote: > On Thu, Jun 01, 2023 at 11:42:34PM +0200, Willy Tarreau wrote: > > So this means that the doc is still not clear enough and we need to > > improve this. And indeed, I'm myself confused because William told me > > a few days ago that "ocsp-update" was for crt-list lines only and it's > > found in the "bind line options" section. And of course, when there are > > examples, they're not the ones you're looking for, that's classical! > > Yep, that's exactly what I said to you, that it's in the documentation > of the bind lines because we don't have specific crt-list > documentation, and it's specified in the documentation that it's only > for crt-list.
I see now. What makes this very confusing is that "crt-list" is described at the same level, and that the first paragraph of "bind options" does not mention crt-list. At least (for stable versions) we should mention in this first paragraph something like: Most keywords here are valid on "bind" lines. Some are only valid when SSL is compiled in, and among them a few are also usable in crt-list files, and a few are only valid in crt-list files. In any case if the scope differs from "bind" line only, it will be explicitly mentioned in the keyword description. A quick check at the various keywords to make sure it's always mentioned when they're OK for crt-list would help, and such a small change could be backported to stable versions without impact. Thanks, Willy