On Mon, Jun 21, 2021 at 11:26:41PM +0000, Klemens Nanni wrote: > On Sun, Jun 20, 2021 at 09:32:36PM +0200, Theo Buehler wrote: > > On Sat, Jun 19, 2021 at 03:34:39PM +0000, Klemens Nanni wrote: > > > On Thu, Jun 10, 2021 at 10:26:15PM +0000, Klemens Nanni wrote: > > > > tls_config_set_ca_file(3) and tls_config_set_cert_file(3) do not just > > > > set the file paths (like tls_config_set_ca_path(3) does), they do load > > > > the given file into memory directly using tls_config_load_file(). > > > > > > > > This distinction is important because it means a later tls_connect(3) > > > > will not do any file I/O (at least regarding those files), which is > > > > relevant when for example pleding without "[rwc]path" after loading > > > > files into memory and before doing tls_connect(3). > > > > > > > > The manual's current wording made me use the following due to above way > > > > of pleding a program: > > > > > > > > tls_load_file() > > > > tls_config_set_ca_mem() > > > > tls_unload_file() > > > > > > > > While in fact the following does the same (in my case): > > > > > > > > tls_config_set_ca_file() > > > > > > > > > > > > So clarify this in the manual. > > > > > > > > Feedback? Objections? OK? > > > > > > Ping. > > > > You're right. This was changed in tls_config.c r1.26 (Aug 2016) and the > > documentation wasn't updated. However, the diff is incomplete as this > > concerns all tls_config_set_*_file functions: > > > > tls_config_set_ca_file > > tls_config_set_cert_file > > tls_config_set_crl_file > > tls_config_set_key_file > > tls_config_set_keypair_file > > tls_config_set_keypair_ocsp_file > > tls_config_set_ocsp_staple_file > > Thanks. tls_config_add_*_file also load files into memory, but given > this patch I think their usage of "add" in the manual is enough to infer > that files will also be loaded and added, so no need to change those as > well, I think.
Agreed. > This should be the complete diff. > > Feedback? OK? You have two overlong lines as indicated below. I would have thought that mandoc -Tlint complains about that, but apparently it doesn't have such a warning... With those wrapped, ok tb > > Index: man/tls_load_file.3 > =================================================================== > RCS file: /cvs/src/lib/libtls/man/tls_load_file.3,v > retrieving revision 1.11 > diff -u -p -r1.11 tls_load_file.3 > --- man/tls_load_file.3 29 Nov 2018 14:24:23 -0000 1.11 > +++ man/tls_load_file.3 21 Jun 2021 23:24:58 -0000 > @@ -217,8 +217,7 @@ call, ensuring that the memory contents > returns the path of the file that contains the default root certificates. > .Pp > .Fn tls_config_set_ca_file > -sets the filename used to load a file > -containing the root certificates. > +loads a file containing the root certificates. > .Pp > .Fn tls_config_set_ca_path > sets the path (directory) which should be searched for root > @@ -228,41 +227,39 @@ certificates. > sets the root certificates directly from memory. > .Pp > .Fn tls_config_set_cert_file > -sets file from which the public certificate will be read. > +loads a file containing the public certificate. > .Pp > .Fn tls_config_set_cert_mem > sets the public certificate directly from memory. > .Pp > .Fn tls_config_set_crl_file > -sets the filename used to load a file containing the > -Certificate Revocation List (CRL). > +loads a file containing the Certificate Revocation List (CRL). > .Pp > .Fn tls_config_set_crl_mem > sets the CRL directly from memory. > .Pp > .Fn tls_config_set_key_file > -sets the file from which the private key will be read. > +loads a file containing the private key. > .Pp > .Fn tls_config_set_key_mem > directly sets the private key from memory. > .Pp > .Fn tls_config_set_ocsp_staple_file > -sets a DER-encoded OCSP response to be stapled during the TLS handshake from > -the specified file. > +loads a file containing a DER-encoded OCSP response to be stapled during the > TLS handshake. line break before "during" > .Pp > .Fn tls_config_set_ocsp_staple_mem > sets a DER-encoded OCSP response to be stapled during the TLS handshake from > memory. > .Pp > .Fn tls_config_set_keypair_file > -sets the files from which the public certificate, and private key will be > read. > +loads two files from which the public certificate, and private key will be > read. > .Pp > .Fn tls_config_set_keypair_mem > directly sets the public certificate, and private key from memory. > .Pp > .Fn tls_config_set_keypair_ocsp_file > -sets the files from which the public certificate, private key, and > DER-encoded > -OCSP staple will be read. > +loads three files containing the public certificate, private key, and > DER-encoded line break: ... key, and DER-encoded OCSP staple. > +OCSP staple. > .Pp > .Fn tls_config_set_keypair_ocsp_mem > directly sets the public certificate, private key, and DER-encoded OCSP > staple
