On Sat, Jun 19, 2021 at 03:34:39PM +0000, Klemens Nanni wrote:
> On Thu, Jun 10, 2021 at 10:26:15PM +0000, Klemens Nanni wrote:
> > tls_config_set_ca_file(3) and tls_config_set_cert_file(3) do not just
> > set the file paths (like tls_config_set_ca_path(3) does), they do load
> > the given file into memory directly using tls_config_load_file().
> > 
> > This distinction is important because it means a later tls_connect(3)
> > will not do any file I/O (at least regarding those files), which is
> > relevant when for example pledging without "[rwc]path" after loading
> > files into memory and before doing tls_connect(3).
> > 
> > The manual's current wording made me use the following due to the above
> > way of pledging a program:
> > 
> >     tls_load_file()
> >     tls_config_set_ca_mem()
> >     tls_unload_file()
> > 
> > While in fact the following does the same (in my case):
> > 
> >     tls_config_set_ca_file()
> > 
> > 
> > So clarify this in the manual.
> > 
> > Feedback? Objections? OK?
> 
> Ping.

You're right. This was changed in tls_config.c r1.26 (Aug 2016) and the
documentation wasn't updated.  However, the diff is incomplete as this
concerns all tls_config_set_*_file functions:

tls_config_set_ca_file
tls_config_set_cert_file
tls_config_set_crl_file
tls_config_set_key_file
tls_config_set_keypair_file
tls_config_set_keypair_ocsp_file
tls_config_set_ocsp_staple_file

> 
> 
> Index: man/tls_load_file.3
> ===================================================================
> RCS file: /cvs/src/lib/libtls/man/tls_load_file.3,v
> retrieving revision 1.11
> diff -u -p -r1.11 tls_load_file.3
> --- man/tls_load_file.3       29 Nov 2018 14:24:23 -0000      1.11
> +++ man/tls_load_file.3       10 Jun 2021 22:05:00 -0000
> @@ -217,8 +217,7 @@ call, ensuring that the memory contents 
>  returns the path of the file that contains the default root certificates.
>  .Pp
>  .Fn tls_config_set_ca_file
> -sets the filename used to load a file
> -containing the root certificates.
> +loads a file containing the root certificates.
>  .Pp
>  .Fn tls_config_set_ca_path
>  sets the path (directory) which should be searched for root
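Review bot: the new tls_config_set_ca_file line, "loads a file containing the root certificates.", does not say that the contents are read at the time of the call and kept in memory, which is the property the commit message relies on for pledging without "[rwc]path" before tls_connect(3). The tls_config_set_ca_path entry directly below still reads "sets the path (directory) which should be searched", so the contrast between the two is only implied. Consider wording such as "loads a file containing the root certificates into memory" so the manual states the distinction outright.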
> @@ -228,7 +227,7 @@ certificates.
>  sets the root certificates directly from memory.
>  .Pp
>  .Fn tls_config_set_cert_file
> -sets file from which the public certificate will be read.
> +loads a file containing the public certificate.
>  .Pp
>  .Fn tls_config_set_cert_mem
>  sets the public certificate directly from memory.
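Review bot: the diff stops at tls_config_set_cert_file and leaves the remaining file-based setters untouched. As the reply above points out, the same behaviour concerns tls_config_set_crl_file, tls_config_set_key_file, tls_config_set_keypair_file, tls_config_set_keypair_ocsp_file and tls_config_set_ocsp_staple_file, so their descriptions need the matching change in the same commit to keep the page consistent. The new line "loads a file containing the public certificate." would also sit better beside the tls_config_set_cert_mem entry if it said that the file is loaded into memory.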
> 
