tls_config_set_ca_file(3) and tls_config_set_cert_file(3) do not just
set the file paths (like tls_config_set_ca_path(3) does), they do load
the given file into memory directly using tls_config_load_file().
This distinction is important because it means a later tls_connect(3)
will not do any file I/O (at least regarding those files), which is
relevant when for example pleding without "[rwc]path" after loading
files into memory and before doing tls_connect(3).
The manual's current wording made me use the following due to above way
of pleding a program:
tls_load_file()
tls_config_set_ca_mem()
tls_unload_file()
While in fact the following does the same (in my case):
tls_config_set_ca_file()
So clarify this in the manual.
Feedback? Objections? OK?
Index: man/tls_load_file.3
===================================================================
RCS file: /cvs/src/lib/libtls/man/tls_load_file.3,v
retrieving revision 1.11
diff -u -p -r1.11 tls_load_file.3
--- man/tls_load_file.3 29 Nov 2018 14:24:23 -0000 1.11
+++ man/tls_load_file.3 10 Jun 2021 22:05:00 -0000
@@ -217,8 +217,7 @@ call, ensuring that the memory contents
returns the path of the file that contains the default root certificates.
.Pp
.Fn tls_config_set_ca_file
-sets the filename used to load a file
-containing the root certificates.
+loads a file containing the root certificates.
.Pp
.Fn tls_config_set_ca_path
sets the path (directory) which should be searched for root
@@ -228,7 +227,7 @@ certificates.
sets the root certificates directly from memory.
.Pp
.Fn tls_config_set_cert_file
-sets file from which the public certificate will be read.
+loads a file containing the public certificate.
.Pp
.Fn tls_config_set_cert_mem
sets the public certificate directly from memory.
