William Lallemand

It looks like the ./003complex/009broken.t test broke on the CI, however this test was already broken on my system without this patch, so that's probably unrelated.

There are currently some development about this, but that requires some major change of architecture. We already spoke about a separate process (like for the program section) that could access...

This is already planned and part of a bigger restructuring. However for compatibility reasons there will be a "key" keyword to use in the crt-list.

Where it may be complicated to report a precise error with the OpenSSL library for each request, it is probably doable to have something on the CLI which allows to...

No plan was done for the pkcs11 yet. The pkcs11 provider wasn't ready when we worked on the OpenSSL 3 providers support in HAProxy. However the TPM2 module which was...

It's not planned for now. If you wish to work on this, we will be happy to integrate contributions on the subject. HAProxy >= 2.6 still supports the engine API,...

There are 2 issues here: - The httpclient SSL initialization still emit a warning when it must fail silently - The ca-file directory loading does not seem to work correctly....

Thanks for your report, I'll take a look at it. Regarding the buffer allocation, it could probably be done in a postparser operation once the crt-list are allocated. But there...

You are indeed reaching a limitation of the current system, we have this problem with other commands but we split some of them into a transaction mechanism in order to...

I pushed a small PoC which basically does what you need, it's not finished but you can try this branch with these commands: ``` printf "set ssl ca-file ${testdir}/set_cafile_interCA1.crt