PKI: Document intermediate CAs
Correct some typos
mrdeep1 committed Nov 20, 2023
1 parent 2e7cb35 commit 6b4fac9
Showing 4 changed files with 10 additions and 8 deletions.
6 changes: 3 additions & 3 deletions examples/coap-server.c
Expand Up @@ -2260,12 +2260,12 @@ usage(const char *program, const char *version) {
"\t-C cafile\tPEM file or PKCS11 URI that contains a list of one or\n"
"\t \t\tmore CAs that are to be passed to the client for the\n"
"\t \t\tclient to determine what client certificate to use.\n"
"\t \t\tNormally, this list of CAs would be the root CA and and\n"
"\t \t\tNormally, this list of CAs would be the root CA and\n"
"\t \t\tany intermediate CAs. Ideally the server certificate\n"
"\t \t\tshould be signed by the same CA so that mutual\n"
"\t \t\tauthentication can take place. The contents of cafile\n"
"\t \t\tare added to the trusted store of root CAs.\n"
"\t \t\tUsing the -C or -R options will will trigger the\n"
"\t \t\tUsing the -C or -R options will trigger the\n"
"\t \t\tvalidation of the client certificate unless overridden\n"
"\t \t\tby the -n option\n"
"\t-J pkcs11_pin\tThe user pin to unlock access to the PKCS11 token\n"
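Review bot: the -C help should state explicitly that intermediate CAs listed in cafile also end up in the trusted store. The text advises listing "the root CA and any intermediate CAs" and then says "The contents of cafile are added to the trusted store of root CAs", so an operator who adds an intermediate only so that it is passed to the client is extending the trust store as well. One extra sentence after "are added to the trusted store of root CAs." would make that visible.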
Expand All @@ -2281,7 +2281,7 @@ usage(const char *program, const char *version) {
"\t \t\tUsing '-R trust_casfile' disables common CA mutual\n"
"\t \t\tauthentication which can only be done by using\n"
"\t \t\t'-C cafile'.\n"
"\t \t\tUsing the -C or -R options will will trigger the\n"
"\t \t\tUsing the -C or -R options will trigger the\n"
"\t \t\tvalidation of the client certificate unless overridden\n"
"\t \t\tby the -n option\n"
"\t-S match_pki_sni_file\n"
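Review bot: the -R text still ends "by the -n option\n" with no full stop, while the matching paragraph in man/coap-server.txt.in ends "*-n* option."; add the period while this sentence is being touched. The -C text in the previous hunk has the same ending.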
3 changes: 2 additions & 1 deletion include/coap3/coap_dtls.h
Expand Up @@ -196,7 +196,8 @@ typedef enum coap_pki_key_t {
* The structure that holds the PKI PEM definitions.
*/
typedef struct coap_pki_key_pem_t {
const char *ca_file; /**< File location of Common CA in PEM format */
const char *ca_file; /**< File location of Common CA (and any
intermediates) in PEM format */
const char *public_cert; /**< File location of Public Cert */
const char *private_key; /**< File location of Private Key in PEM format */
} coap_pki_key_pem_t;
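Review bot: the new ca_file comment says "intermediates" where the coap-server help text in this commit says "intermediate CAs"; use one term, for example "File location of Common CA (and any intermediate CAs) in PEM format". The neighbouring public_cert comment is the only one of the three that names no file format, which could be settled in the same change.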
6 changes: 3 additions & 3 deletions man/coap-server.txt.in
Expand Up @@ -209,11 +209,11 @@ definitions have to be in DER, not PEM, format. Otherwise all of
*-C* cafile::
PEM file or PKCS11 URI that contains a list of one or more CAs that are to
be passed to the client for the client to determine what client certificate
to use. Normally, this list of CAs would be the root CA and and any
to use. Normally, this list of CAs would be the root CA and any
intermediate CAs. Ideally the server certificate should be signed by the
same CA so that mutual authentication can take place. The contents of
*cafile* are added to the trusted store of root CAs. Using the *-C* or *-R*
options will will trigger the validation of the client certificate unless
options will trigger the validation of the client certificate unless
overridden by the *-n* option.

*-J* pkcs11_pin::
Expand All @@ -230,7 +230,7 @@ definitions have to be in DER, not PEM, format. Otherwise all of
directory containing a set of CA PEM files. The *-C cafile* CA does not have
to be in this list and is trusted for the validation. Using
*-R trust_casfile* disables common CA mutual authentication which can only
be done by using *-C cafile*. Using the *-C* or *-R* options will will
be done by using *-C cafile*. Using the *-C* or *-R* options will
trigger the validation of the server certificate unless overridden by the
*-n* option.
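Review bot: the *-R* paragraph says the options "trigger the validation of the server certificate", but the *-C* paragraph in this same man page and the -R text in usage() in examples/coap-server.c both say "client certificate". As this sentence is already being edited for the "will will" typo, make the wording consistent here too so the man page matches the program's own help.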

3 changes: 2 additions & 1 deletion man/coap_encryption.txt.in
Expand Up @@ -687,7 +687,8 @@ COAP_PKI_KEY_PKCS11.
[source, c]
----
typedef struct coap_pki_key_pem_t {
const char *ca_file; /* File location of Common CA in PEM format */
const char *ca_file; /* File location of Common CA (and any
intermediates) in PEM format */
const char *public_cert; /* File location of Public Cert */
const char *private_key; /* File location of Private Key in PEM format */
} coap_pki_key_pem_t;