| author | kn <kn@cvs.openbsd.org> | 2021-06-22 17:59:49 +0000 |
|---|---|---|
| committer | kn <kn@cvs.openbsd.org> | 2021-06-22 17:59:49 +0000 |
| commit | 1585d1fc467d2b3bb1757e2a1d54b5888c821e8a (patch) | |
| tree | 18d8c433263f149155d78e671b4bbc21670d9ae9 /lib | |
| parent | 7e073ece9476af7b217cd7a1592a41a040e2c26d (diff) | |
Clarify tls_config_set_*_file() file I/O semantics
tls_config_set_*_file(3) do not just set the file paths like
tls_config_set_*_path(3) do; they load the given file(s) into memory
directly using tls_config_load_file().
This distinction is important because it means a later tls_connect(3)
will not do any file I/O (at least wrt. those files), which is relevant when
for example pledging without "[rwc]path" after loading files into memory and
before doing tls_connect(3).
The manual's current wording made me use the following due to the above way of
pledging a program:
tls_load_file()
tls_config_set_ca_mem()
tls_unload_file()
While in fact a single tls_config_set_ca_file() call does the same.
tls_config.c r1.26 (Aug 2016) changed the code but forgot to amend the manual,
as noted by tb, thanks.
Feedback OK tb
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libtls/man/tls_load_file.3 | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/lib/libtls/man/tls_load_file.3 b/lib/libtls/man/tls_load_file.3 index d836a04723a..e6956aeaa18 100644 --- a/lib/libtls/man/tls_load_file.3 +++ b/lib/libtls/man/tls_load_file.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tls_load_file.3,v 1.11 2018/11/29 14:24:23 tedu Exp $ +.\" $OpenBSD: tls_load_file.3,v 1.12 2021/06/22 17:59:48 kn Exp $ .\" .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> .\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> @@ -17,7 +17,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 29 2018 $ +.Dd $Mdocdate: June 22 2021 $ .Dt TLS_LOAD_FILE 3 .Os .Sh NAME @@ -217,8 +217,7 @@ call, ensuring that the memory contents is discarded. returns the path of the file that contains the default root certificates. .Pp .Fn tls_config_set_ca_file -sets the filename used to load a file -containing the root certificates. +loads a file containing the root certificates. .Pp .Fn tls_config_set_ca_path sets the path (directory) which should be searched for root 
@@ -228,41 +227,40 @@ certificates. sets the root certificates directly from memory. .Pp .Fn tls_config_set_cert_file -sets file from which the public certificate will be read. +loads a file containing the public certificate. .Pp .Fn tls_config_set_cert_mem sets the public certificate directly from memory. .Pp .Fn tls_config_set_crl_file -sets the filename used to load a file containing the -Certificate Revocation List (CRL). +loads a file containing the Certificate Revocation List (CRL). .Pp .Fn tls_config_set_crl_mem sets the CRL directly from memory. .Pp .Fn tls_config_set_key_file -sets the file from which the private key will be read. +loads a file containing the private key. .Pp .Fn tls_config_set_key_mem directly sets the private key from memory. .Pp .Fn tls_config_set_ocsp_staple_file -sets a DER-encoded OCSP response to be stapled during the TLS handshake from -the specified file. +loads a file containing a DER-encoded OCSP response to be stapled +during the TLS handshake. .Pp .Fn tls_config_set_ocsp_staple_mem sets a DER-encoded OCSP response to be stapled during the TLS handshake from memory. .Pp .Fn tls_config_set_keypair_file -sets the files from which the public certificate, and private key will be read. +loads two files from which the public certificate, and private key will be read. .Pp .Fn tls_config_set_keypair_mem directly sets the public certificate, and private key from memory. .Pp .Fn tls_config_set_keypair_ocsp_file -sets the files from which the public certificate, private key, and DER-encoded -OCSP staple will be read. +loads three files containing the public certificate, private key, +and DER-encoded OCSP staple. .Pp .Fn tls_config_set_keypair_ocsp_mem directly sets the public certificate, private key, and DER-encoded OCSP staple |
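Review bot: in the `@@ -217,8 +217,7 @@` hunk, the new line "loads a file containing the root certificates." for tls_config_set_ca_file still leaves implicit the property the commit message calls out, namely that the file is read into memory at the time of the call and a later tls_connect(3) does no I/O on it; consider stating that once in this paragraph (or in a shared note covering all tls_config_set_*_file functions), since that is what lets a caller pledge(2) without "rpath" after the call.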
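Review bot: in the `@@ -228,41 +227,40 @@` hunk, the tls_config_set_keypair_file line "+loads two files from which the public certificate, and private key will be read." keeps the old "from which ... will be read" phrasing behind the new "loads" verb, and is inconsistent with the tls_config_set_keypair_ocsp_file lines in the same hunk ("+loads three files containing the public certificate, private key, / +and DER-encoded OCSP staple."); suggest "loads two files containing the public certificate and private key." so the two paragraphs read alike.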