Hello Ilia,
Can you rebase it in top of master? I can't find a commit around your
submission date where the patch applies.
Thanks,
On Sun, Feb 22, 2026 at 06:51:37PM +0100, Ilia Shipitsin wrote:
> Subject: [PATCH] Fix spelling and wording errors across HAProxy codebase
> Correct multiple typos and wording issues in source files, documentation, and
> CLI tools. Changes include fixes such as "specifiy → specify", "explicitely →
> explicitly", "targetting → targeting", "therefor → therefore", "accross →
> across", "explaination → explanation", and similar minor corrections. These
> updates improve clarity, consistency, and professionalism in user-facing
> docs, comments, and internal code annotations.
> ---
> admin/cli/haproxy-dump-certs | 2 +-
> doc/configuration.txt | 10 +++++-----
> doc/management.txt | 2 +-
> include/haproxy/proxy-t.h | 4 ++--
> include/haproxy/ssl_sock-t.h | 2 +-
> src/backend.c | 4 ++--
> src/cfgparse-ssl.c | 2 +-
> src/chunk.c | 4 ++--
> src/haproxy.c | 2 +-
> src/haterm.c | 6 +++---
> src/haterm_init.c | 4 ++--
> src/http_fetch.c | 2 +-
> src/jwe.c | 8 ++++----
> src/proxy.c | 2 +-
> src/stream.c | 4 ++--
> 15 files changed, 29 insertions(+), 29 deletions(-)
>
> diff --git a/admin/cli/haproxy-dump-certs b/admin/cli/haproxy-dump-certs
> index 59a507711..e15bb66d1 100755
> --- a/admin/cli/haproxy-dump-certs
> +++ b/admin/cli/haproxy-dump-certs
> @@ -149,7 +149,7 @@ usage() {
> echo "Options:"
> echo " -S, --master-socket <path> Use the master socket at <path>
> (default: ${SOCKET})"
> echo " -s, --socket <path> Use the stats socket at <path>"
> - echo " -p, --path <path> Specifiy a base path for relative
> files (default: ${BASEPATH})"
> + echo " -p, --path <path> Specify a base path for relative
> files (default: ${BASEPATH})"
> echo " -n, --dry-run Read certificates on the socket
> but don't dump them"
> echo " -d, --debug Debug mode, set -x"
> echo " -v, --verbose Verbose mode"
> diff --git a/doc/configuration.txt b/doc/configuration.txt
> index 6c14abfe7..28a51503d 100644
> --- a/doc/configuration.txt
> +++ b/doc/configuration.txt
> @@ -5345,7 +5345,7 @@ tune.ssl.certificate-compression { auto | off }
>
> When set to "auto" it uses the default value of the TLS library.
>
> - With "off" it tries to explicitely disable the support of the feature.
> + With "off" it tries to explicitly disable the support of the feature.
> HAProxy won't try to send compressed certificates anymore nor accept
> compressed certificates.
>
> @@ -7171,7 +7171,7 @@ default_backend <backend>
> used when no rule has matched. It generally is the dynamic backend which
> will catch all undetermined requests.
>
> - If a backend is disabled or unpublished, default_backend rules targetting
> it
> + If a backend is disabled or unpublished, default_backend rules targeting it
> will be ignored and stream processing will remain on the original proxy.
>
> Example :
> @@ -21478,7 +21478,7 @@ jwt_decrypt_cert(<cert>)
> decrypted thanks to the certificate provided.
> The <cert> parameter must be a path to an already loaded certificate (that
> can be dumped via the "dump ssl cert" CLI command). The certificate must
> have
> - its "jwt" option explicitely set to "on" (see "jwt" crt-list option). It
> can
> + its "jwt" option explicitly set to "on" (see "jwt" crt-list option). It can
> be provided directly or via a variable.
> The only tokens managed yet are the ones using the Compact Serialization
> format (five dot-separated base64-url encoded strings).
> @@ -31269,9 +31269,9 @@ user <username> [password|insecure-password
> <password>]
> slower than their glibc counterparts when calculating hashes, so you might
> want to consider this aspect too.
>
> - All passwords are considered normal arguments and are therefor subject to
> + All passwords are considered normal arguments and are therefore subject to
> regular section 2.2 Quoting and escaping. Single quoting passwords is
> - therefor recommended.
> + therefore recommended.
>
> Example:
> userlist L1
> diff --git a/doc/management.txt b/doc/management.txt
> index cee9f5b56..dbaf78196 100644
> --- a/doc/management.txt
> +++ b/doc/management.txt
> @@ -1731,7 +1731,7 @@ add backend <name> from <defproxy> [mode <mode>] [guid
> <guid>] [ EXPERIMENTAL ]
> Only TCP or HTTP proxies can be created. All of the settings are inherited
> from <defproxy> default proxy instance. By default, it is mandatory to
> specify the backend mode via the argument of the same name, unless
> <defproxy>
> - already defines it explicitely. It is also possible to use an optional GUID
> + already defines it explicitly. It is also possible to use an optional GUID
> argument if wanted.
>
> Servers can be added via the command "add server". The backend is
> initialized
> diff --git a/include/haproxy/proxy-t.h b/include/haproxy/proxy-t.h
> index 21c9aae4f..ff980e20c 100644
> --- a/include/haproxy/proxy-t.h
> +++ b/include/haproxy/proxy-t.h
> @@ -242,12 +242,12 @@ enum PR_SRV_STATE_FILE {
> /* Proxy flags */
> #define PR_FL_DISABLED 0x01 /* The proxy was disabled in the
> configuration (not at runtime) */
> #define PR_FL_STOPPED 0x02 /* The proxy was stopped */
> -#define PR_FL_DEF_EXPLICIT_MODE 0x04 /* Proxy mode is explicitely defined
> - only used for defaults instance */
> +#define PR_FL_DEF_EXPLICIT_MODE 0x04 /* Proxy mode is explicitly defined -
> only used for defaults instance */
> #define PR_FL_EXPLICIT_REF 0x08 /* The default proxy is explicitly
> referenced by another proxy */
> #define PR_FL_IMPLICIT_REF 0x10 /* The default proxy is implicitly
> referenced by another proxy */
> #define PR_FL_PAUSED 0x20 /* The proxy was paused at run time
> (reversible) */
> #define PR_FL_CHECKED 0x40 /* The proxy configuration was fully
> checked (including postparsing checks) */
> -#define PR_FL_BE_UNPUBLISHED 0x80 /* The proxy cannot be targetted by
> content switching rules */
> +#define PR_FL_BE_UNPUBLISHED 0x80 /* The proxy cannot be targeted by
> content switching rules */
>
> struct stream;
>
> diff --git a/include/haproxy/ssl_sock-t.h b/include/haproxy/ssl_sock-t.h
> index 8b18e8241..6af6dea9f 100644
> --- a/include/haproxy/ssl_sock-t.h
> +++ b/include/haproxy/ssl_sock-t.h
> @@ -339,7 +339,7 @@ struct global_ssl {
> char **passphrase_cmd;
> int passphrase_cmd_args_cnt;
>
> - unsigned int certificate_compression:1; /* allow to explicitely disable
> certificate compression */
> + unsigned int certificate_compression:1; /* allow to explicitly disable
> certificate compression */
> };
>
> /* The order here matters for picking a default context,
> diff --git a/src/backend.c b/src/backend.c
> index 109fba3aa..7094c2f02 100644
> --- a/src/backend.c
> +++ b/src/backend.c
> @@ -2067,7 +2067,7 @@ int connect_server(struct stream *s)
> * available.
> *
> * This check must be performed before conn_prepare()
> - * to ensure consistency accross the whole stack, in
> + * to ensure consistency across the whole stack, in
> * particular for QUIC between quic-conn and mux layer.
> */
> if (IS_HTX_STRM(s) && srv->use_ssl &&
> @@ -3063,7 +3063,7 @@ int be_downtime(struct proxy *px) {
>
> /* Checks if <px> backend supports the addition of servers at runtime.
> Either a
> * backend or a defaults proxy are supported. If proxy is incompatible, <msg>
> - * will be allocated to contain a textual explaination.
> + * will be allocated to contain a textual explanation.
> */
> int be_supports_dynamic_srv(struct proxy *px, char **msg)
> {
> diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
> index 8b8d7f5e1..cb9247ce1 100644
> --- a/src/cfgparse-ssl.c
> +++ b/src/cfgparse-ssl.c
> @@ -496,7 +496,7 @@ static int ssl_parse_global_keylog(char **args, int
> section_type, struct proxy *
> }
> #endif
>
> -/* Allow to explicitely disable certificate compression when set to "off" */
> +/* Allow to explicitly disable certificate compression when set to "off" */
> #ifdef SSL_OP_NO_RX_CERTIFICATE_COMPRESSION
> static int ssl_parse_certificate_compression(char **args, int section_type,
> struct proxy *curpx,
> const struct proxy *defpx,
> const char *file, int line,
> diff --git a/src/chunk.c b/src/chunk.c
> index 54e9561b6..a3d519fc2 100644
> --- a/src/chunk.c
> +++ b/src/chunk.c
> @@ -80,7 +80,7 @@ struct buffer *get_trash_chunk(void)
> }
>
> /* Similar to get_trash_chunk() but return a pre-allocated large chunk
> - * instead. Becasuse large buffers are not enabled by default, this function
> may
> + * instead. Because large buffers are not enabled by default, this function
> may
> * return NULL.
> */
> struct buffer *get_large_trash_chunk(void)
> @@ -127,7 +127,7 @@ struct buffer *get_larger_trash_chunk(struct buffer *chk)
> if (!chk)
> return get_trash_chunk();
>
> - /* No large buffers or current chunk is alread a large trash chunk */
> + /* No large buffers or current chunk is already a large trash chunk */
> if (!large_trash_size || chk->size == large_trash_size)
> return NULL;
>
> diff --git a/src/haproxy.c b/src/haproxy.c
> index 177df7bcb..2eb48b6cc 100644
> --- a/src/haproxy.c
> +++ b/src/haproxy.c
> @@ -2822,7 +2822,7 @@ void deinit(void)
> * they are respectively cleaned up in sink_deinit() and
> deinit_log_forward()
> */
>
> - /* If named defaults were preserved, ensure refcount is resetted. */
> + /* If named defaults were preserved, ensure refcount is reset. */
> if (!(global.tune.options & GTUNE_PURGE_DEFAULTS))
> defaults_px_unref_all();
> /* All proxies are removed now, so every defaults should also be freed
> diff --git a/src/haterm.c b/src/haterm.c
> index 9299a9f5c..4bbafc3a1 100644
> --- a/src/haterm.c
> +++ b/src/haterm.c
> @@ -47,7 +47,7 @@ const char *HTTP_HELP =
> " - /?R=<enable> Enable sending random data if >0.\n"
> "\n"
> "Note that those arguments may be cumulated on one line separated by
> a set of\n"
> - "delimitors among [&?,;/] :\n"
> + "delimiters among [&?,;/] :\n"
> " - GET /?s=20k&c=1&t=700&K=30r HTTP/1.0\n"
> " - GET /?r=500?s=0?c=0?t=1000 HTTP/1.0\n"
> "\n";
> @@ -323,7 +323,7 @@ static int hstream_htx_buf_snd(struct connection *conn,
> struct hstream *hs)
> }
>
> /* The HTX data are not fully sent if the last HTX data
> - * were not fully transfered or if there are remaining data
> + * were not fully transferred or if there are remaining data
> * to send (->to_write > 0).
> */
> if (!htx_is_empty(htxbuf(&hs->res))) {
> @@ -1007,7 +1007,7 @@ static int hstream_build_responses(void)
>
> /* original haterm chunk mode responses are made of 1-byte chunks
> * but the haproxy muxes do not support this. At this time
> - * these reponses are handled the same way as for common
> + * these responses are handled the same way as for common
> * responses with a pre-built buffer.
> */
> for (i = 0; i < sizeof(common_chunk_resp); i++)
> diff --git a/src/haterm_init.c b/src/haterm_init.c
> index 65baad54f..2a7cb3897 100644
> --- a/src/haterm_init.c
> +++ b/src/haterm_init.c
> @@ -106,7 +106,7 @@ static inline size_t hbuf_is_null(const struct hbuf *h)
>
> /* Simple function, to append <line> to <b> without without
> * trailing '\0' character.
> - * Take into an account the '\t' and '\n' escaped sequeces.
> + * Take into an account the '\t' and '\n' escaped sequences.
> */
> static void hstream_str_buf_append(struct hbuf *h, const char *line)
> {
> @@ -215,7 +215,7 @@ void haproxy_init_args(int argc, char **argv)
> argc--; argv++;
> }
>
> - /* Restore the argumenst */
> + /* Restore the arguments */
> argc = sargc; argv = sargv;
> while (argc > 0) {
> char *opt;
> diff --git a/src/http_fetch.c b/src/http_fetch.c
> index eae140b3b..df9de7eb5 100644
> --- a/src/http_fetch.c
> +++ b/src/http_fetch.c
> @@ -44,7 +44,7 @@
> /* this struct is used between calls to smp_fetch_hdr() or
> smp_fetch_cookie() */
> static THREAD_LOCAL struct http_hdr_ctx static_http_hdr_ctx;
> /* this is used to convert raw connection buffers to htx */
> -/* NOTE: For now, raw bufers cannot exceeds the standard size */
> +/* NOTE: For now, raw buffers cannot exceeds the standard size */
> static THREAD_LOCAL struct buffer static_raw_htx_chunk;
> static THREAD_LOCAL char *static_raw_htx_buf;
>
> diff --git a/src/jwe.c b/src/jwe.c
> index bfa73d901..e095537d5 100644
> --- a/src/jwe.c
> +++ b/src/jwe.c
> @@ -326,7 +326,7 @@ static int decrypt_cek_aeskw(struct buffer *cek, struct
> buffer *decrypted_cek, s
> * the one found in the JWE token.
> * The tag is built out of a HMAC of some concatenated data taken from the
> JWE
> * token (see https://datatracker.ietf.org/doc/html/rfc7518#section-5.2). The
> - * firest half of the previously decrypted cek is used as HMAC key.
> + * first half of the previously decrypted cek is used as HMAC key.
> * Returns 0 in case of success, 1 otherwise.
> */
> static int build_and_check_tag(jwe_enc enc, struct jwt_item
> items[JWE_ELT_MAX],
> @@ -504,7 +504,7 @@ static inline void clear_decoded_items(struct buffer
> *decoded_items[JWE_ELT_MAX]
> /*
> * Decrypt the contents of a JWE token thanks to the user-provided base64
> * encoded secret. This converter can only be used for tokens that have a
> - * symetric algorithm (AESKW, AESGCMKW or "dir" special case).
> + * symmetric algorithm (AESKW, AESGCMKW or "dir" special case).
> * Returns the decrypted contents, or nothing if any error happened.
> */
> static int sample_conv_jwt_decrypt_secret(const struct arg *args, struct
> sample *smp, void *private)
> @@ -761,7 +761,7 @@ static int decrypt_cek_rsa(struct buffer *cek, struct
> buffer *decrypted_cek,
> /*
> * Decrypt the contents of a JWE token thanks to the user-provided
> certificate
> * and private key. This converter can only be used for tokens that have an
> - * asymetric algorithm (RSA only for now).
> + * asymmetric algorithm (RSA only for now).
> * Returns the decrypted contents, or nothing if any error happened.
> */
> static int sample_conv_jwt_decrypt_cert(const struct arg *args, struct
> sample *smp, void *private)
> @@ -827,7 +827,7 @@ static int sample_conv_jwt_decrypt_cert(const struct arg
> *args, struct sample *s
> if (chunk_printf(cert, "%.*s", (int)b_data(&cert_smp.data.u.str),
> b_orig(&cert_smp.data.u.str)) <= 0)
> goto end;
>
> - /* With asymetric crypto algorithms we should always have a CEK */
> + /* With asymmetric crypto algorithms we should always have a CEK */
> if (!items[JWE_ELT_CEK].length)
> goto end;
>
> diff --git a/src/proxy.c b/src/proxy.c
> index dadcff0c6..8718ce995 100644
> --- a/src/proxy.c
> +++ b/src/proxy.c
> @@ -4857,7 +4857,7 @@ static int cli_parse_add_backend(char **args, char
> *payload, struct appctx *appc
> return 1;
> }
> if (!(defpx->flags & PR_FL_DEF_EXPLICIT_MODE) && !mode) {
> - cli_dynerr(appctx, memprintf(&msg, "Mode is required as '%s'
> default proxy does not explicitely defines it.\n", def_name));
> + cli_dynerr(appctx, memprintf(&msg, "Mode is required as '%s'
> default proxy does not explicitly defines it.\n", def_name));
> return 1;
> }
> if (defpx->mode != PR_MODE_TCP && defpx->mode != PR_MODE_HTTP) {
> diff --git a/src/stream.c b/src/stream.c
> index b2eef9187..35ea931eb 100644
> --- a/src/stream.c
> +++ b/src/stream.c
> @@ -1141,12 +1141,12 @@ enum act_return process_use_service(struct act_rule
> *rule, struct proxy *px,
> return ACT_RET_STOP;
> }
>
> -/* Parses persist-rules attached to <fe> frontend and report the first
> macthing
> +/* Parses persist-rules attached to <fe> frontend and report the first
> matching
> * entry, using <sess> session and <s> stream as sample source.
> *
> * As this function is called several times in the same stream context,
> * <persist> will act as a caching value to avoid reprocessing of a similar
> - * ruleset. It must be set to a negative value for the first invokation.
> + * ruleset. It must be set to a negative value for the first invocation.
> *
> * Returns 1 if a rule matches, else 0.
> */
> --
> 2.46.0.windows.1
>
>
>
--
William Lallemand
