
Member "hitch-1.5.2/src/tests/test18-oldcfg.sh" (27 Aug 2019, 17365 Bytes) of package /linux/www/hitch-1.5.2.tar.gz:



    1 #!/bin/sh
    2 
    3 . hitch_test.sh
    4 
# test_cfg NAME
#
# Save the configuration text read from stdin as NAME.cfg in the current
# directory, then have hitch check that file with --test.
#
# Arguments: $1 - fixture name; ".cfg" is appended to form the file name
# Inputs:    stdin - configuration text (the callers in this file supply it
#            as a here-document)
# Globals:   cfg is assigned here and stays set after the call
# Returns:   the status of run_cmd, a helper that is not defined in this
#            file (presumably provided by hitch_test.sh - confirm)
test_cfg() {
    cfg="${1}.cfg"
    # Stream stdin straight into the fixture file, replacing any earlier copy.
    cat - >"${cfg}"
    run_cmd hitch --test "--config=${cfg}"
}
   10 
   11 # stud config
   12 test_cfg stud <<EOF
   13 #
   14 # stud(8), The Scalable TLS Unwrapping Daemon's configuration
   15 #
   16 
   17 # NOTE: all config file parameters can be overriden
   18 #       from command line!
   19 
   20 # Listening address. REQUIRED.
   21 #
   22 # type: string
   23 # syntax: [HOST]:PORT
   24 frontend = "[*]:$LISTENPORT"
   25 
   26 # Upstream server address. REQUIRED.
   27 #
   28 # type: string
   29 # syntax: [HOST]:PORT.
   30 backend = "[127.0.0.1]:80"
   31 
   32 # SSL x509 certificate file. REQUIRED.
   33 # List multiple certs to use SNI. Certs are used in the order they
   34 # are listed; the last cert listed will be used if none of the others match
   35 #
   36 # type: string
   37 pem-file = "${CERTSDIR}/default.example.com"
   38 
   39 # SSL protocol.
   40 #
   41 # tls = on
   42 # ssl = off
   43 
   44 # List of allowed SSL ciphers.
   45 #
   46 # Run openssl ciphers for list of available ciphers.
   47 # type: string
   48 ciphers = ""
   49 
   50 # Enforce server cipher list order
   51 #
   52 # type: boolean
   53 prefer-server-ciphers = off
   54 
   55 # Use specified SSL engine
   56 #
   57 # type: string
   58 ssl-engine = ""
   59 
   60 # Number of worker processes
   61 #
   62 # type: integer
   63 workers = 1
   64 
   65 # Listen backlog size
   66 #
   67 # type: integer
   68 backlog = 100
   69 
   70 # TCP socket keepalive interval in seconds
   71 #
   72 # type: integer
   73 keepalive = 3600
   74 
   75 # Chroot directory
   76 #
   77 # type: string
   78 chroot = ""
   79 
   80 # Set uid after binding a socket
   81 #
   82 # type: string
   83 user = ""
   84 
   85 # Set gid after binding a socket
   86 #
   87 # type: string
   88 group = ""
   89 
   90 # Quiet execution, report only error messages
   91 #
   92 # type: boolean
   93 quiet = off
   94 
   95 # Use syslog for logging
   96 #
   97 # type: boolean
   98 syslog = off
   99 
  100 # Syslog facility to use
  101 #
  102 # type: string
  103 syslog-facility = "daemon"
  104 
  105 # Run as daemon
  106 #
  107 # type: boolean
  108 daemon = off
  109 
  110 # Report client address by writing IP before sending data
  111 #
  112 # NOTE: This option is mutually exclusive with option write-proxy and proxy-proxy.
  113 #
  114 # type: boolean
  115 write-ip = off
  116 
  117 # Report client address using SENDPROXY protocol, see
  118 # http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
  119 # for details.
  120 #
  121 # NOTE: This option is mutually exclusive with option write-ip and proxy-proxy.
  122 #
  123 # type: boolean
  124 write-proxy = off
  125 
  126 # Proxy an existing SENDPROXY protocol header through this request.
  127 #
  128 # NOTE: This option is mutually exclusive with option write-ip and write-proxy.
  129 #
  130 # type: boolean
  131 proxy-proxy = off
  132 EOF
  133 
  134 # hitch 1.0.0
  135 test_cfg 1_0_0 <<EOF
  136 #
  137 # Example configuration file for hitch(8).
  138 #
  139 # NOTE: all config file parameters can be overriden
  140 #       from command line!
  141 
  142 # Listening address. REQUIRED.
  143 # Can be specified multiple times for multiple listen endpoints.
  144 # type: string
  145 # syntax: [HOST]:PORT[+CERT]
  146 frontend = "[*]:$LISTENPORT"
  147 
  148 # Upstream server address. REQUIRED.
  149 #
  150 # type: string
  151 # syntax: [HOST]:PORT.
  152 backend = "[127.0.0.1]:80"
  153 
  154 # SSL x509 certificate file. REQUIRED.
  155 # List multiple certs to use SNI. Certs are used in the order they
  156 # are listed; the last cert listed will be used if none of the others match
  157 #
  158 # type: string
  159 pem-file = "${CERTSDIR}/default.example.com"
  160 
  161 # SSL protocol.
  162 #
  163 # tls = on
  164 # ssl = off
  165 
  166 # List of allowed SSL ciphers.
  167 #
  168 # Run openssl ciphers for list of available ciphers.
  169 # type: string
  170 ciphers = ""
  171 
  172 # Enforce server cipher list order
  173 #
  174 # type: boolean
  175 prefer-server-ciphers = off
  176 
  177 # Use specified SSL engine
  178 #
  179 # type: string
  180 ssl-engine = ""
  181 
  182 # Number of worker processes
  183 #
  184 # type: integer
  185 workers = 1
  186 
  187 # Listen backlog size
  188 #
  189 # type: integer
  190 backlog = 100
  191 
  192 # TCP socket keepalive interval in seconds
  193 #
  194 # type: integer
  195 keepalive = 3600
  196 
  197 # Chroot directory
  198 #
  199 # type: string
  200 chroot = ""
  201 
  202 # Set uid after binding a socket
  203 #
  204 # type: string
  205 user = ""
  206 
  207 # Set gid after binding a socket
  208 #
  209 # type: string
  210 group = ""
  211 
  212 # Quiet execution, report only error messages
  213 #
  214 # type: boolean
  215 quiet = off
  216 
  217 # Use syslog for logging
  218 #
  219 # type: boolean
  220 syslog = off
  221 
  222 # Syslog facility to use
  223 #
  224 # type: string
  225 syslog-facility = "daemon"
  226 
  227 # Run as daemon
  228 #
  229 # type: boolean
  230 daemon = off
  231 
  232 # Report client address by writing IP before sending data
  233 #
  234 # NOTE: This option is mutually exclusive with option write-proxy-v2, write-proxy and proxy-proxy.
  235 #
  236 # type: boolean
  237 write-ip = off
  238 
  239 # Report client address using SENDPROXY protocol, see
  240 # http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
  241 # for details.
  242 #
  243 # NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and proxy-proxy.
  244 #
  245 # type: boolean
  246 write-proxy-v1 = off
  247 
  248 # Report client address using SENDPROXY v2 binary protocol, see
  249 # http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
  250 # for details.
  251 #
  252 # NOTE: This option is mutually exclusive with option write-ip, write-proxy-v1 and proxy-proxy.
  253 #
  254 # type: boolean
  255 write-proxy-v2 = off
  256 
  257 # Proxy an existing SENDPROXY protocol header through this request.
  258 #
  259 # NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and write-proxy-v1.
  260 #
  261 # type: boolean
  262 proxy-proxy = off
  263 
  264 # Abort handshake when the client submits an unrecognized SNI server name.
  265 #
  266 # type: boolean
  267 sni-nomatch-abort = off
  268 EOF
  269 
  270 # 1.1.0 didn't see any config file changes
  271 # hitch 1.2.0
  272 test_cfg 1_2_0 <<EOF
  273 #
  274 # Example configuration file for hitch(8).
  275 #
  276 
  277 # Listening address. REQUIRED.
  278 # Can be specified multiple times for multiple listen endpoints.
  279 # type: string
  280 # syntax: [HOST]:PORT[+CERT]
  281 # frontend = "[*]:8443"
  282 
  283 
  284 # Listening address. Alternative syntax
  285 #
  286 frontend = {
  287     host = "*"
  288     port = "$LISTENPORT"
  289 }
  290 
  291 # The following options can also be set in a frontend block, which
  292 # will configure the option for this specific frontend only:
  293 #
  294 #    pem-file = ""
  295 #    tls = on
  296 #    ssl = off
  297 #    ciphers = ""
  298 #    prefer-server-ciphers = off
  299 #    sni-nomatch-abort = off
  300 #    match-global-certs = off
  301 #
  302 # See further explanation below for each specifc option.
  303 
  304 # Upstream server address. REQUIRED.
  305 #
  306 # type: string
  307 # syntax: [HOST]:PORT.
  308 backend = "[127.0.0.1]:80"
  309 
  310 # SSL x509 certificate file. REQUIRED.
  311 # List multiple certs to use SNI. Certs are used in the order they
  312 # are listed; the last cert listed will be used if none of the others match
  313 #
  314 # Also available in a frontend declaration, to make a certificate
  315 # only available for a specific listen endpoint.
  316 #
  317 # type: string
  318 pem-file = "${CERTSDIR}/default.example.com"
  319 
  320 # SSL protocol.
  321 #
  322 # tls = on
  323 # ssl = off
  324 
  325 # List of allowed SSL ciphers.
  326 #
  327 # Run openssl ciphers for list of available ciphers.
  328 #
  329 # Option is also available in a frontend declaration.
  330 #
  331 # type: string
  332 ciphers = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
  333 
  334 # Enforce server cipher list order
  335 #
  336 # Option is also available in a frontend declaration.
  337 #
  338 # type: boolean
  339 prefer-server-ciphers = off
  340 
  341 # Use specified SSL engine
  342 #
  343 # type: string
  344 ssl-engine = ""
  345 
  346 # Number of worker processes
  347 #
  348 # type: integer
  349 workers = 1
  350 
  351 # Listen backlog size
  352 #
  353 # type: integer
  354 backlog = 100
  355 
  356 # TCP socket keepalive interval in seconds
  357 #
  358 # type: integer
  359 keepalive = 3600
  360 
  361 # Chroot directory
  362 #
  363 # type: string
  364 chroot = ""
  365 
  366 # Set uid after binding a socket
  367 #
  368 # type: string
  369 user = ""
  370 
  371 # Set gid after binding a socket
  372 #
  373 # type: string
  374 group = ""
  375 
  376 # Quiet execution, report only error messages
  377 #
  378 # type: boolean
  379 quiet = off
  380 
  381 # Use syslog for logging
  382 #
  383 # type: boolean
  384 syslog = off
  385 
  386 # Syslog facility to use
  387 #
  388 # type: string
  389 syslog-facility = "daemon"
  390 
  391 # Run as daemon
  392 #
  393 # type: boolean
  394 daemon = off
  395 
  396 # Report client address by writing IP before sending data
  397 #
  398 # NOTE: This option is mutually exclusive with option write-proxy-v2, write-proxy and proxy-proxy.
  399 #
  400 # type: boolean
  401 write-ip = off
  402 
  403 # Report client address using SENDPROXY protocol, see
  404 # http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
  405 # for details.
  406 #
  407 # NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and proxy-proxy.
  408 #
  409 # type: boolean
  410 write-proxy-v1 = off
  411 
  412 # Report client address using SENDPROXY v2 binary protocol, see
  413 # http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
  414 # for details.
  415 #
  416 # NOTE: This option is mutually exclusive with option write-ip, write-proxy-v1 and proxy-proxy.
  417 #
  418 # type: boolean
  419 write-proxy-v2 = off
  420 
  421 # Proxy an existing SENDPROXY protocol header through this request.
  422 #
  423 # NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and write-proxy-v1.
  424 #
  425 # type: boolean
  426 proxy-proxy = off
  427 
  428 # Abort handshake when the client submits an unrecognized SNI server name.
  429 #
  430 # Option is also available in a frontend declaration.
  431 #
  432 # type: boolean
  433 sni-nomatch-abort = off
  434 
  435 # frontend = {
  436 #
  437 # # match-global-certs: Also search globally defined PEM files for SNI
  438 # # certficiate lookups.
  439 # # Only available in a frontend declaration.
  440 #
  441 #     match-global-certs = off
  442 #
  443 #     host = "localhost"
  444 #     port = "443"
  445 #     pem-file = "/etc/hitch/certs/mycert.pem"
  446 #
  447 # }
  448 EOF
  449 
  450 # hitch 1.3.0
  451 test_cfg 1_3_0 <<EOF
  452 #
  453 # Example configuration file for hitch(8).
  454 #
  455 
  456 # Listening address. REQUIRED.
  457 # Can be specified multiple times for multiple listen endpoints.
  458 # type: string
  459 # syntax: [HOST]:PORT[+CERT]
  460 #frontend = "[*]:8443"
  461 
  462 
  463 # Listening address. Alternative syntax
  464 #
  465 frontend = {
  466     host = "*"
  467     port = "$LISTENPORT"
  468 }
  469 
  470 # The following options can also be set in a frontend block, which
  471 # will configure the option for this specific frontend only:
  472 #
  473 #    pem-file = ""
  474 #    tls = on
  475 #    ssl = off
  476 #    ciphers = ""
  477 #    prefer-server-ciphers = off
  478 #    sni-nomatch-abort = off
  479 #    match-global-certs = off
  480 #
  481 # See further explanation below for each specifc option.
  482 
  483 # Upstream server address. REQUIRED.
  484 #
  485 # type: string
  486 # syntax: [HOST]:PORT.
  487 backend = "[127.0.0.1]:80"
  488 
  489 # SSL x509 certificate file. REQUIRED.
  490 # List multiple certs to use SNI. Certs are used in the order they
  491 # are listed; the last cert listed will be used if none of the others match
  492 #
  493 # Also available in a frontend declaration, to make a certificate
  494 # only available for a specific listen endpoint.
  495 #
  496 # type: string
  497 pem-file = "${CERTSDIR}/default.example.com"
  498 
  499 # OCSP settings
  500 #
  501 # Directory where Hitch will store and read OCSP responses for
  502 # stapling. Directory must be readable and writable for the configured
  503 # hitch user. Setting this option enables automatic retrieval and
  504 # updating of OCSP responses.
  505 #
  506 # ocsp-dir = "/var/lib/hitch-ocsp"
  507 
  508 # Timeout for fetching an OCSP response from a responder (in seconds)
  509 # ocsp-resp-tmo = 10;
  510 
  511 # Timeout for connecting to an OCSP responder (in seconds)
  512 # ocsp-connect-tmo = 4;
  513 
  514 # Verification of OCSP responses
  515 # ocsp-verify-staple = off
  516 
  517 # If you have a manually pre-loaded OCSP staple, and alternative
  518 # pem-file syntax can be used for stapling:
  519 #
  520 # pem-file = {
  521 #   cert = "mycert.pem"
  522 #   ocsp-resp-file = "ocsp-resp.der"
  523 # }
  524 
  525 # SSL protocol.
  526 #
  527 # tls = on
  528 # ssl = off
  529 
  530 # List of allowed SSL ciphers.
  531 #
  532 # Run openssl ciphers for list of available ciphers.
  533 #
  534 # Option is also available in a frontend declaration.
  535 #
  536 # type: string
  537 ciphers = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
  538 
  539 # Enforce server cipher list order
  540 #
  541 # Option is also available in a frontend declaration.
  542 #
  543 # type: boolean
  544 prefer-server-ciphers = off
  545 
  546 # Use specified SSL engine
  547 #
  548 # type: string
  549 ssl-engine = ""
  550 
  551 # Number of worker processes
  552 #
  553 # type: integer
  554 workers = 1
  555 
  556 # Listen backlog size
  557 #
  558 # type: integer
  559 backlog = 100
  560 
  561 # TCP socket keepalive interval in seconds
  562 #
  563 # type: integer
  564 keepalive = 3600
  565 
  566 # Chroot directory
  567 #
  568 # type: string
  569 chroot = ""
  570 
  571 # Set uid after binding a socket
  572 #
  573 # type: string
  574 user = ""
  575 
  576 # Set gid after binding a socket
  577 #
  578 # type: string
  579 group = ""
  580 
  581 # Quiet execution, report only error messages
  582 #
  583 # type: boolean
  584 quiet = off
  585 
  586 # Use syslog for logging
  587 #
  588 # type: boolean
  589 syslog = off
  590 
  591 # Syslog facility to use
  592 #
  593 # type: string
  594 syslog-facility = "daemon"
  595 
  596 # Run as daemon
  597 #
  598 # type: boolean
  599 daemon = off
  600 
  601 # Report client address by writing IP before sending data
  602 #
  603 # NOTE: This option is mutually exclusive with option write-proxy-v2, write-proxy and proxy-proxy.
  604 #
  605 # type: boolean
  606 write-ip = off
  607 
  608 # Report client address using SENDPROXY protocol, see
  609 # http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
  610 # for details.
  611 #
  612 # NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and proxy-proxy.
  613 #
  614 # type: boolean
  615 write-proxy-v1 = off
  616 
  617 # Report client address using SENDPROXY v2 binary protocol, see
  618 # http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
  619 # for details.
  620 #
  621 # NOTE: This option is mutually exclusive with option write-ip, write-proxy-v1 and proxy-proxy.
  622 #
  623 # type: boolean
  624 write-proxy-v2 = off
  625 
  626 # Proxy an existing SENDPROXY protocol header through this request.
  627 #
  628 # NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and write-proxy-v1.
  629 #
  630 # type: boolean
  631 proxy-proxy = off
  632 
  633 # Abort handshake when the client submits an unrecognized SNI server name.
  634 #
  635 # Option is also available in a frontend declaration.
  636 #
  637 # type: boolean
  638 sni-nomatch-abort = off
  639 
  640 # frontend = {
  641 #
  642 # # match-global-certs: Also search globally defined PEM files for SNI
  643 # # certficiate lookups.
  644 # # Only available in a frontend declaration.
  645 #
  646 #     match-global-certs = off
  647 #
  648 #     host = "localhost"
  649 #     port = "443"
  650 #     pem-file = "/etc/hitch/certs/mycert.pem"
  651 #
  652 # }
  653 EOF
  654 
  655 # hitch 1.4.0
  656 test_cfg 1_4_0 <<EOF
  657 #
  658 # Example configuration file for hitch(8).
  659 #
  660 
  661 # Listening address. REQUIRED.
  662 # Can be specified multiple times for multiple listen endpoints.
  663 # type: string
  664 # syntax: [HOST]:PORT[+CERT]
  665 #frontend = "[*]:8443"
  666 
  667 
  668 # Listening address. Alternative syntax
  669 #
  670 frontend = {
  671     host = "*"
  672     port = "$LISTENPORT"
  673 }
  674 
  675 # The following options can also be set in a frontend block, which
  676 # will configure the option for this specific frontend only:
  677 #
  678 #    pem-file = ""
  679 #    tls = on
  680 #    ssl = off
  681 #    ciphers = ""
  682 #    prefer-server-ciphers = off
  683 #    sni-nomatch-abort = off
  684 #    match-global-certs = off
  685 #
  686 # See further explanation below for each specifc option.
  687 
  688 # Upstream server address. REQUIRED.
  689 #
  690 # type: string
  691 # syntax: [HOST]:PORT.
  692 backend = "[127.0.0.1]:80"
  693 
  694 # SSL x509 certificate file. REQUIRED.
  695 # List multiple certs to use SNI. Certs are used in the order they
  696 # are listed; the last cert listed will be used if none of the others match
  697 #
  698 # Also available in a frontend declaration, to make a certificate
  699 # only available for a specific listen endpoint.
  700 #
  701 # type: string
  702 pem-file = "${CERTSDIR}/default.example.com"
  703 
  704 # OCSP settings
  705 #
  706 # Directory where Hitch will store and read OCSP responses for
  707 # stapling. Directory must be readable and writable for the configured
  708 # hitch user. Setting this option enables automatic retrieval and
  709 # updating of OCSP responses.
  710 #
  711 # ocsp-dir = "/var/lib/hitch-ocsp"
  712 
  713 # Timeout for fetching an OCSP response from a responder (in seconds)
  714 # ocsp-resp-tmo = 10;
  715 
  716 # Timeout for connecting to an OCSP responder (in seconds)
  717 # ocsp-connect-tmo = 4;
  718 
  719 # Verification of OCSP responses
  720 # ocsp-verify-staple = off
  721 
  722 # If you have a manually pre-loaded OCSP staple, and alternative
  723 # pem-file syntax can be used for stapling:
  724 #
  725 # pem-file = {
  726 #   cert = "mycert.pem"
  727 #   ocsp-resp-file = "ocsp-resp.der"
  728 # }
  729 
  730 # SSL protocol.
  731 #
  732 # tls = on
  733 # ssl = off
  734 
  735 # List of allowed SSL ciphers.
  736 #
  737 # Run openssl ciphers for list of available ciphers.
  738 #
  739 # Option is also available in a frontend declaration.
  740 #
  741 # type: string
  742 ciphers = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
  743 
  744 # Enforce server cipher list order
  745 #
  746 # Option is also available in a frontend declaration.
  747 #
  748 # type: boolean
  749 prefer-server-ciphers = off
  750 
  751 # Use specified SSL engine
  752 #
  753 # type: string
  754 ssl-engine = ""
  755 
  756 # Number of worker processes
  757 #
  758 # type: integer
  759 workers = 1
  760 
  761 # Listen backlog size
  762 #
  763 # type: integer
  764 backlog = 100
  765 
  766 # TCP socket keepalive interval in seconds
  767 #
  768 # type: integer
  769 keepalive = 3600
  770 
  771 # Chroot directory
  772 #
  773 # type: string
  774 chroot = ""
  775 
  776 # Set uid after binding a socket
  777 #
  778 # type: string
  779 user = ""
  780 
  781 # Set gid after binding a socket
  782 #
  783 # type: string
  784 group = ""
  785 
  786 # Quiet execution, report only error messages
  787 #
  788 # type: boolean
  789 quiet = off
  790 
  791 # Use syslog for logging
  792 #
  793 # type: boolean
  794 syslog = off
  795 
  796 # Syslog facility to use
  797 #
  798 # type: string
  799 syslog-facility = "daemon"
  800 
  801 # Run as daemon
  802 #
  803 # type: boolean
  804 daemon = off
  805 
  806 # Report client address by writing IP before sending data
  807 #
  808 # NOTE: This option is mutually exclusive with option write-proxy-v2, write-proxy and proxy-proxy.
  809 #
  810 # type: boolean
  811 write-ip = off
  812 
  813 # Report client address using SENDPROXY protocol, see
  814 # http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
  815 # for details.
  816 #
  817 # NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and proxy-proxy.
  818 #
  819 # type: boolean
  820 write-proxy-v1 = off
  821 
  822 # Report client address using SENDPROXY v2 binary protocol, see
  823 # http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
  824 # for details.
  825 #
  826 # NOTE: This option is mutually exclusive with option write-ip, write-proxy-v1 and proxy-proxy.
  827 #
  828 # type: boolean
  829 write-proxy-v2 = off
  830 
  831 # Proxy an existing SENDPROXY protocol header through this request.
  832 #
  833 # NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and write-proxy-v1.
  834 #
  835 # type: boolean
  836 proxy-proxy = off
  837 
  838 # Abort handshake when the client submits an unrecognized SNI server name.
  839 #
  840 # Option is also available in a frontend declaration.
  841 #
  842 # type: boolean
  843 sni-nomatch-abort = off
  844 
  845 # frontend = {
  846 #
  847 # # match-global-certs: Also search globally defined PEM files for SNI
  848 # # certficiate lookups.
  849 # # Only available in a frontend declaration.
  850 #
  851 #     match-global-certs = off
  852 #
  853 #     host = "localhost"
  854 #     port = "443"
  855 #     pem-file = "/etc/hitch/certs/mycert.pem"
  856 #
  857 # }
  858 EOF