pushssl(2), pushtls(2): clarify filedescriptor closing

2 files changed, 25 insertions, 0 deletions

diff --git a/sys/man/2/pushssl b/sys/man/2/pushssl
index efd552943..76c895286 100644
--- a/sys/man/2/pushssl
+++ b/sys/man/2/pushssl
@@ -36,6 +36,10 @@ returns a file descriptor for the SSL data channel.  Anything written to this
 descriptor will get encrypted and authenticated and then written to the
 file descriptor,
 .IR fd .
+.I Pushssl
+closes the original file descriptor
+.IR fd
+on success.
 .SH SOURCE
 .B /sys/src/libc/9sys
 .SH "SEE ALSO"
diff --git a/sys/man/2/pushtls b/sys/man/2/pushtls
index d9de3717c..1f3fa2b94 100644
--- a/sys/man/2/pushtls
+++ b/sys/man/2/pushtls
@@ -75,6 +75,11 @@ returns a file descriptor for the TLS data channel.  Anything written to this
 descriptor will get encrypted and authenticated and then written to the
 file descriptor,
 .IR fd .
+.I Pushtls ,
+.IR tlsClient
+and
+.IR tlsServer
+close the original file descriptor on success.
 If
 .I dir
 is non-zero, the path name of the connection directory is copied into
@@ -247,6 +252,22 @@ Return \-1 on failure.
 Client certificates and client sessionIDs are not yet
 implemented.
 .PP
+Note that
+.IR pushtls ,
+.IR tlsClient
+and
+.IR tlsServer
+do not close the original file descriptor on failure,
+only on success. 
+.PP
+The
+.IR sessionID
+and
+.IR cert
+pointers in the
+.IR TLSconn
+structure have to be freed by the caller.
+.PP
 Note that in the TLS protocol
 .I sessionID
 itself is public;  it is used as a pointer to