On Sun, Jun 20, 2021 at 09:32:36PM +0200, Theo Buehler wrote:
> On Sat, Jun 19, 2021 at 03:34:39PM +0000, Klemens Nanni wrote:
> > On Thu, Jun 10, 2021 at 10:26:15PM +0000, Klemens Nanni wrote:
> > > tls_config_set_ca_file(3) and tls_config_set_cert_file(3) do not just
> > > set the file paths (like tls_config_set_ca_path(3) does), they do load
> > > the given file into memory directly using tls_config_load_file().
> > > 
> > > This distinction is important because it means a later tls_connect(3)
> > > will not do any file I/O (at least regarding those files), which is
> > > relevant when for example pledging without "[rwc]path" after loading
> > > files into memory and before doing tls_connect(3).
> > > 
> > > The manual's current wording made me use the following due to the above way
> > > of pledging a program:
> > > 
> > >   tls_load_file()
> > >   tls_config_set_ca_mem()
> > >   tls_unload_file()
> > > 
> > > While in fact the following does the same (in my case):
> > > 
> > >   tls_config_set_ca_file()
> > > 
> > > 
> > > So clarify this in the manual.
> > > 
> > > Feedback? Objections? OK?
> > 
> > Ping.
> 
> You're right. This was changed in tls_config.c r1.26 (Aug 2016) and the
> documentation wasn't updated.  However, the diff is incomplete as this
> concerns all tls_config_set_*_file functions:
> 
> tls_config_set_ca_file
> tls_config_set_cert_file
> tls_config_set_crl_file
> tls_config_set_key_file
> tls_config_set_keypair_file
> tls_config_set_keypair_ocsp_file
> tls_config_set_ocsp_staple_file

Thanks.  tls_config_add_*_file also load files into memory, but given
this patch I think their usage of "add" in the manual is enough to infer
that files will also be loaded and added, so no need to change those as
well, I think.

This should be the complete diff.

Feedback? OK?


Index: man/tls_load_file.3
===================================================================
RCS file: /cvs/src/lib/libtls/man/tls_load_file.3,v
retrieving revision 1.11
diff -u -p -r1.11 tls_load_file.3
--- man/tls_load_file.3 29 Nov 2018 14:24:23 -0000      1.11
+++ man/tls_load_file.3 21 Jun 2021 23:24:58 -0000
@@ -217,8 +217,7 @@ call, ensuring that the memory contents 
 returns the path of the file that contains the default root certificates.
 .Pp
 .Fn tls_config_set_ca_file
-sets the filename used to load a file
-containing the root certificates.
+loads a file containing the root certificates.
 .Pp
 .Fn tls_config_set_ca_path
 sets the path (directory) which should be searched for root
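Review bot: The new tls_config_set_ca_file text, "loads a file containing the root certificates.", does not say that the file is read when the function is called and then kept in memory, which is the distinction from the tls_config_set_ca_path entry right below it that only "sets the path (directory)". Consider making it explicit, for example "loads a file containing the root certificates into memory", so a reader deciding where to drop filesystem access can tell the two functions apart from the manual alone.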
@@ -228,41 +227,39 @@ certificates.
 sets the root certificates directly from memory.
 .Pp
 .Fn tls_config_set_cert_file
-sets file from which the public certificate will be read.
+loads a file containing the public certificate.
 .Pp
 .Fn tls_config_set_cert_mem
 sets the public certificate directly from memory.
 .Pp
 .Fn tls_config_set_crl_file
-sets the filename used to load a file containing the
-Certificate Revocation List (CRL).
+loads a file containing the Certificate Revocation List (CRL).
 .Pp
 .Fn tls_config_set_crl_mem
 sets the CRL directly from memory.
 .Pp
 .Fn tls_config_set_key_file
-sets the file from which the private key will be read.
+loads a file containing the private key.
 .Pp
 .Fn tls_config_set_key_mem
 directly sets the private key from memory.
 .Pp
 .Fn tls_config_set_ocsp_staple_file
-sets a DER-encoded OCSP response to be stapled during the TLS handshake from
-the specified file.
+loads a file containing a DER-encoded OCSP response to be stapled during the 
TLS handshake.
 .Pp
 .Fn tls_config_set_ocsp_staple_mem
 sets a DER-encoded OCSP response to be stapled during the TLS handshake from
 memory.
 .Pp
 .Fn tls_config_set_keypair_file
-sets the files from which the public certificate, and private key will be read.
+loads two files from which the public certificate, and private key will be 
read.
 .Pp
 .Fn tls_config_set_keypair_mem
 directly sets the public certificate, and private key from memory.
 .Pp
 .Fn tls_config_set_keypair_ocsp_file
-sets the files from which the public certificate, private key, and DER-encoded
-OCSP staple will be read.
+loads three files containing the public certificate, private key, and 
DER-encoded
+OCSP staple.
 .Pp
 .Fn tls_config_set_keypair_ocsp_mem
 directly sets the public certificate, private key, and DER-encoded OCSP staple
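Review bot: In the tls_config_set_keypair_file entry, the new text "loads two files from which the public certificate, and private key will be read." keeps the deferred "will be read" wording that every other entry in this hunk drops; "loads two files containing the public certificate and private key." would match the tls_config_set_keypair_ocsp_file entry. Separately, the added lines for tls_config_set_ocsp_staple_file, tls_config_set_keypair_file and tls_config_set_keypair_ocsp_file have been wrapped in transit, leaving trailing whitespace and continuation lines ("TLS handshake.", "read.", "DER-encoded") without a leading "+", so the hunk will not apply as sent and should be resent unwrapped.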
