PR changes

Sources/NIOCertificateReloading/CertificateReloader.swift

@@ -66,6 +66,8 @@ extension TLSConfiguration {
     /// - Parameter certificateReloader: A ``CertificateReloader`` to watch for certificate and key pair updates.
     /// - Returns: A ``NIOSSL/TLSConfiguration`` for use with server-side contexts, that reloads the certificate and key
     /// used in its SSL handshake.
+    /// - Throws: This method will throw if an override isn't present. This may happen if a certificate or private key could not be
+    /// loaded from the given paths.
     public static func makeServerConfiguration(
         certificateReloader: some CertificateReloader
     ) throws -> Self {
@@ -87,6 +89,30 @@ extension TLSConfiguration {
         return configuration
     }
 
+    /// Create a ``NIOSSL/TLSConfiguration`` for use with client-side contexts, with certificate reloading enabled.
+    /// - Parameter certificateReloader: A ``CertificateReloader`` to watch for certificate and key pair updates.
+    /// - Returns: A ``NIOSSL/TLSConfiguration`` for use with client-side contexts, that reloads the certificate and key
+    /// used in its SSL handshake.
+    /// - Throws: This method will throw if an override isn't present. This may happen if a certificate or private key could not be
+    /// loaded from the given paths.
+    public static func makeClientConfiguration(
+        certificateReloader: some CertificateReloader
+    ) throws -> Self {
+        let override = certificateReloader.sslContextConfigurationOverride
+
+        guard override.certificateChain != nil else {
+            throw CertificateReloaderError.missingCertificateChain
+        }
+
+        guard override.privateKey != nil else {
+            throw CertificateReloaderError.missingPrivateKey
+        }
+
+        var configuration = Self.makeClientConfiguration()
+        configuration.setCertificateReloader(certificateReloader)
+        return configuration
+    }
+
     /// Configure a ``CertificateReloader`` to observe updates for the certificate and key pair used.
     /// - Parameter reloader: A ``CertificateReloader`` to watch for certificate and key pair updates.
     mutating public func setCertificateReloader(_ reloader: some CertificateReloader) {

Sources/NIOCertificateReloading/TimedCertificateReloader.swift

@@ -53,6 +53,9 @@ import Foundation
 /// configuration.setCertificateReloader(reloader)
 /// ```
 ///
+/// Finally, you must call ``run()`` on the reloader for it to start observing changes.
+/// If you want to trigger a manual reload at any point, you may call ``reload()``.
+///
 /// If you're creating a server configuration, you can instead opt to use
 /// ``NIOSSL/TLSConfiguration/makeServerConfiguration(certificateReloader:)``, which will set the initial
 /// certificate chain and private key, as well as set the reloader:
@@ -63,8 +66,17 @@ import Foundation
 /// )
 /// ```
 ///
-/// Finally, you must call ``run()`` on the reloader for it to start observing changes.
-/// If you want to trigger a manual reload at any point, you may call ``reload()``.
+/// If you're creating a client configuration, you can instead opt to use
+/// ``NIOSSL/TLSConfiguration/makeClientConfiguration(certificateReloader:)`` which will set the reloader:
+/// ```swift
+/// let configuration = TLSConfiguration.makeClientConfiguration(
+///     certificateReloader: reloader
+/// )
+/// ```
+///
+/// In both cases, make sure you've either called ``run()`` or created the ``TimedCertificateReloader`` using
+/// ``makeReloaderValidatingSources(refreshInterval:certificateSource:privateKeySource:logger:)``
+/// _before_ creating the ``NIOSSL/TLSConfiguration``, as otherwise the validation will fail.
 ///
 /// Once the reloader is running, you can manually access its ``sslContextConfigurationOverride`` property to get a
 /// `NIOSSLContextConfigurationOverride`, although this will typically not be necessary, as it's the NIO channel that will