crypto/tls: document certificate chains in LoadX509KeyPair

author Scott Bell <scott@sctsm.com>

Mon, 16 May 2016 19:51:52 +0000 (12:51 -0700)

committer Brad Fitzpatrick <bradfitz@golang.org>

Mon, 16 May 2016 23:19:05 +0000 (23:19 +0000)
author Scott Bell <scott@sctsm.com>
Mon, 16 May 2016 19:51:52 +0000 (12:51 -0700)
committer Brad Fitzpatrick <bradfitz@golang.org>
Mon, 16 May 2016 23:19:05 +0000 (23:19 +0000)
diff --git a/src/crypto/tls/tls.go b/src/crypto/tls/tls.go

index 0be0b42912eeff660bf8957f377544679ca22ddf..25dc386f53c8c9aee09011a36ea2f22608e7ec06 100644 (file)
--- a/src/crypto/tls/tls.go
+++ b/src/crypto/tls/tls.go
@@ -170,10 +170,11 @@ func Dial(network, addr string, config *Config) (*Conn, error) {
         return DialWithDialer(new(net.Dialer), network, addr, config)
  }
  
-// LoadX509KeyPair reads and parses a public/private key pair from a pair of
-// files. The files must contain PEM encoded data. On successful return,
-// Certificate.Leaf will be nil because the parsed form of the certificate is
-// not retained.
+// LoadX509KeyPair reads and parses a public/private key pair from a pair
+// of files. The files must contain PEM encoded data. The certificate file
+// may contain intermediate certificates following the leaf certificate to
+// form a certificate chain. On successful return, Certificate.Leaf will
+// be nil because the parsed form of the certificate is not retained.
  func LoadX509KeyPair(certFile, keyFile string) (Certificate, error) {
         certPEMBlock, err := ioutil.ReadFile(certFile)
         if err != nil {
author	Scott Bell <scott@sctsm.com>
	Mon, 16 May 2016 19:51:52 +0000 (12:51 -0700)
committer	Brad Fitzpatrick <bradfitz@golang.org>
	Mon, 16 May 2016 23:19:05 +0000 (23:19 +0000)