Clarify tls_config_set_*_file() file I/O semantics

tls_config_set_*_file(3) do not just set the file paths like
tls_config_set_*_path(3) do, they do load the given file(s) into memory
directly using tls_config_load_file().

This distinction is important because it means a later tls_connect(3)
will not do any file I/O (at least wrt. those files), which is relevant when
for example pleding without "[rwc]path" after loading files into memory and
before doing tls_connect(3).

The manual's current wording made me use the following due to above way of
pledging a program:
	tls_load_file()
	tls_config_set_ca_mem()
	tls_unload_file()

While in fact a single tls_config_set_ca_file() call does the same.

tls_config.c r1.26 (Aug 2016) change the code but forgot to amend the manual
as noted by tb, thanks.

Feedback OK tb

diff --git a/lib/libtls/man/tls_load_file.3 b/lib/libtls/man/tls_load_file.3
index d836a04..e6956ae 100644 (file)
--- a/lib/libtls/man/tls_load_file.3
+++ b/lib/libtls/man/tls_load_file.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_load_file.3,v 1.11 2018/11/29 14:24:23 tedu Exp $
+.\" $OpenBSD: tls_load_file.3,v 1.12 2021/06/22 17:59:48 kn Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -17,7 +17,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: November 29 2018 $
+.Dd $Mdocdate: June 22 2021 $
 .Dt TLS_LOAD_FILE 3
 .Os
 .Sh NAME
@@ -217,8 +217,7 @@ call, ensuring that the memory contents is discarded.
 returns the path of the file that contains the default root certificates.
 .Pp
 .Fn tls_config_set_ca_file
-sets the filename used to load a file
-containing the root certificates.
+loads a file containing the root certificates.
 .Pp
 .Fn tls_config_set_ca_path
 sets the path (directory) which should be searched for root
@@ -228,41 +227,40 @@ certificates.
 sets the root certificates directly from memory.
 .Pp
 .Fn tls_config_set_cert_file
-sets file from which the public certificate will be read.
+loads a file containing the public certificate.
 .Pp
 .Fn tls_config_set_cert_mem
 sets the public certificate directly from memory.
 .Pp
 .Fn tls_config_set_crl_file
-sets the filename used to load a file containing the
-Certificate Revocation List (CRL).
+loads a file containing the Certificate Revocation List (CRL).
 .Pp
 .Fn tls_config_set_crl_mem
 sets the CRL directly from memory.
 .Pp
 .Fn tls_config_set_key_file
-sets the file from which the private key will be read.
+loads a file containing the private key.
 .Pp
 .Fn tls_config_set_key_mem
 directly sets the private key from memory.
 .Pp
 .Fn tls_config_set_ocsp_staple_file
-sets a DER-encoded OCSP response to be stapled during the TLS handshake from
-the specified file.
+loads a file containing a DER-encoded OCSP response to be stapled
+during the TLS handshake.
 .Pp
 .Fn tls_config_set_ocsp_staple_mem
 sets a DER-encoded OCSP response to be stapled during the TLS handshake from
 memory.
 .Pp
 .Fn tls_config_set_keypair_file
-sets the files from which the public certificate, and private key will be read.
+loads two files from which the public certificate, and private key will be read.
 .Pp
 .Fn tls_config_set_keypair_mem
 directly sets the public certificate, and private key from memory.
 .Pp
 .Fn tls_config_set_keypair_ocsp_file
-sets the files from which the public certificate, private key, and DER-encoded
-OCSP staple will be read.
+loads three files containing the public certificate, private key,
+and DER-encoded OCSP staple.
 .Pp
 .Fn tls_config_set_keypair_ocsp_mem
 directly sets the public certificate, private key, and DER-encoded OCSP staple