ca-file for servers
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
charm-haproxy |
New
|
Undecided
|
Unassigned |
Bug Description
I cannot find a way to set a `ca-file` to use to verify a server's certificate. According to the configuration manual this should be a path to PEM file (or dir depending on Haproxy version). Currently I have to set `verify none` on the server stanza which is not ideal from a security perspective.
The ca PEM file could be passed from the server to the Haproxy charm through relationship data. Perhaps and option like "crts" could also be set for "ca-file". But then assuming that all backend servers for that service have the same ca-file which is not a must but should not be uncommon.
I have looked through all the documentation but could not find out how to do this except adding it manually. If there is already a way to do this I would much appreciate if someone could show me how it is done.