summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorkn <kn@cvs.openbsd.org>2021-06-22 17:59:49 +0000
committerkn <kn@cvs.openbsd.org>2021-06-22 17:59:49 +0000
commit1585d1fc467d2b3bb1757e2a1d54b5888c821e8a (patch)
tree18d8c433263f149155d78e671b4bbc21670d9ae9 /lib
parent7e073ece9476af7b217cd7a1592a41a040e2c26d (diff)
Clarify tls_config_set_*_file() file I/O semantics
tls_config_set_*_file(3) do not just set the file paths like tls_config_set_*_path(3) do, they do load the given file(s) into memory directly using tls_config_load_file(). This distinction is important because it means a later tls_connect(3) will not do any file I/O (at least wrt. those files), which is relevant when for example pleding without "[rwc]path" after loading files into memory and before doing tls_connect(3). The manual's current wording made me use the following due to above way of pledging a program: tls_load_file() tls_config_set_ca_mem() tls_unload_file() While in fact a single tls_config_set_ca_file() call does the same. tls_config.c r1.26 (Aug 2016) change the code but forgot to amend the manual as noted by tb, thanks. Feedback OK tb
Diffstat (limited to 'lib')
-rw-r--r--lib/libtls/man/tls_load_file.324
1 files changed, 11 insertions, 13 deletions
diff --git a/lib/libtls/man/tls_load_file.3 b/lib/libtls/man/tls_load_file.3
index d836a04723a..e6956aeaa18 100644
--- a/lib/libtls/man/tls_load_file.3
+++ b/lib/libtls/man/tls_load_file.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_load_file.3,v 1.11 2018/11/29 14:24:23 tedu Exp $
+.\" $OpenBSD: tls_load_file.3,v 1.12 2021/06/22 17:59:48 kn Exp $
.\"
.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
.\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -17,7 +17,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: November 29 2018 $
+.Dd $Mdocdate: June 22 2021 $
.Dt TLS_LOAD_FILE 3
.Os
.Sh NAME
@@ -217,8 +217,7 @@ call, ensuring that the memory contents is discarded.
returns the path of the file that contains the default root certificates.
.Pp
.Fn tls_config_set_ca_file
-sets the filename used to load a file
-containing the root certificates.
+loads a file containing the root certificates.
.Pp
.Fn tls_config_set_ca_path
sets the path (directory) which should be searched for root
@@ -228,41 +227,40 @@ certificates.
sets the root certificates directly from memory.
.Pp
.Fn tls_config_set_cert_file
-sets file from which the public certificate will be read.
+loads a file containing the public certificate.
.Pp
.Fn tls_config_set_cert_mem
sets the public certificate directly from memory.
.Pp
.Fn tls_config_set_crl_file
-sets the filename used to load a file containing the
-Certificate Revocation List (CRL).
+loads a file containing the Certificate Revocation List (CRL).
.Pp
.Fn tls_config_set_crl_mem
sets the CRL directly from memory.
.Pp
.Fn tls_config_set_key_file
-sets the file from which the private key will be read.
+loads a file containing the private key.
.Pp
.Fn tls_config_set_key_mem
directly sets the private key from memory.
.Pp
.Fn tls_config_set_ocsp_staple_file
-sets a DER-encoded OCSP response to be stapled during the TLS handshake from
-the specified file.
+loads a file containing a DER-encoded OCSP response to be stapled
+during the TLS handshake.
.Pp
.Fn tls_config_set_ocsp_staple_mem
sets a DER-encoded OCSP response to be stapled during the TLS handshake from
memory.
.Pp
.Fn tls_config_set_keypair_file
-sets the files from which the public certificate, and private key will be read.
+loads two files from which the public certificate, and private key will be read.
.Pp
.Fn tls_config_set_keypair_mem
directly sets the public certificate, and private key from memory.
.Pp
.Fn tls_config_set_keypair_ocsp_file
-sets the files from which the public certificate, private key, and DER-encoded
-OCSP staple will be read.
+loads three files containing the public certificate, private key,
+and DER-encoded OCSP staple.
.Pp
.Fn tls_config_set_keypair_ocsp_mem
directly sets the public certificate, private key, and DER-encoded OCSP staple