From: kn Date: Tue, 22 Jun 2021 17:59:48 +0000 (+0000) Subject: Clarify tls_config_set_*_file() file I/O semantics X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=d0fc3bb68efd6c434b4053cd7adb29023cbec341;p=openbsd Clarify tls_config_set_*_file() file I/O semantics tls_config_set_*_file(3) do not just set the file paths like tls_config_set_*_path(3) do, they do load the given file(s) into memory directly using tls_config_load_file(). This distinction is important because it means a later tls_connect(3) will not do any file I/O (at least wrt. those files), which is relevant when for example pleding without "[rwc]path" after loading files into memory and before doing tls_connect(3). The manual's current wording made me use the following due to above way of pledging a program: tls_load_file() tls_config_set_ca_mem() tls_unload_file() While in fact a single tls_config_set_ca_file() call does the same. tls_config.c r1.26 (Aug 2016) change the code but forgot to amend the manual as noted by tb, thanks. Feedback OK tb --- diff --git a/lib/libtls/man/tls_load_file.3 b/lib/libtls/man/tls_load_file.3 index d836a04723a..e6956aeaa18 100644 --- a/lib/libtls/man/tls_load_file.3 +++ b/lib/libtls/man/tls_load_file.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tls_load_file.3,v 1.11 2018/11/29 14:24:23 tedu Exp $ +.\" $OpenBSD: tls_load_file.3,v 1.12 2021/06/22 17:59:48 kn Exp $ .\" .\" Copyright (c) 2014 Ted Unangst .\" Copyright (c) 2015 Reyk Floeter @@ -17,7 +17,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 29 2018 $ +.Dd $Mdocdate: June 22 2021 $ .Dt TLS_LOAD_FILE 3 .Os .Sh NAME @@ -217,8 +217,7 @@ call, ensuring that the memory contents is discarded. returns the path of the file that contains the default root certificates. .Pp .Fn tls_config_set_ca_file -sets the filename used to load a file -containing the root certificates. +loads a file containing the root certificates. .Pp .Fn tls_config_set_ca_path sets the path (directory) which should be searched for root @@ -228,41 +227,40 @@ certificates. sets the root certificates directly from memory. .Pp .Fn tls_config_set_cert_file -sets file from which the public certificate will be read. +loads a file containing the public certificate. .Pp .Fn tls_config_set_cert_mem sets the public certificate directly from memory. .Pp .Fn tls_config_set_crl_file -sets the filename used to load a file containing the -Certificate Revocation List (CRL). +loads a file containing the Certificate Revocation List (CRL). .Pp .Fn tls_config_set_crl_mem sets the CRL directly from memory. .Pp .Fn tls_config_set_key_file -sets the file from which the private key will be read. +loads a file containing the private key. .Pp .Fn tls_config_set_key_mem directly sets the private key from memory. .Pp .Fn tls_config_set_ocsp_staple_file -sets a DER-encoded OCSP response to be stapled during the TLS handshake from -the specified file. +loads a file containing a DER-encoded OCSP response to be stapled +during the TLS handshake. .Pp .Fn tls_config_set_ocsp_staple_mem sets a DER-encoded OCSP response to be stapled during the TLS handshake from memory. .Pp .Fn tls_config_set_keypair_file -sets the files from which the public certificate, and private key will be read. +loads two files from which the public certificate, and private key will be read. .Pp .Fn tls_config_set_keypair_mem directly sets the public certificate, and private key from memory. .Pp .Fn tls_config_set_keypair_ocsp_file -sets the files from which the public certificate, private key, and DER-encoded -OCSP staple will be read. +loads three files containing the public certificate, private key, +and DER-encoded OCSP staple. .Pp .Fn tls_config_set_keypair_ocsp_mem directly sets the public certificate, private key, and DER-encoded OCSP staple