* * * * *
All I'm asking for is some consistency between APIs and version numbers

When I first started working with libtls [1], I thought that TLS_API
designated a change in API (Application Programming Interface) so that one
could work with different versions of the library without breaking the
compilation process. Sadly, that wasn't the case [2], so I switched to using
LIBRESSL_VERSION_NUMBER, as that seemed to regularly change with each
version.

I was doing this so that my Lua wrapper could be compiled with any version of
libtls. Why break things unnecessarily? And things were going fine until I
hit version 2.2.1, and well …

Table: Mismatches in libtls between functions added, LIBRESSL_VERSION_NUMBER and TLS_API

Version  Functions                               LIBRESSL_VERSION_NUMBER  TLS_API
----------------------------------------------------------------------------------
2.1.2    * tls_accept_socket()                   0x20000000               20141031
         * tls_client()
         * tls_close()
         * tls_config_clear_keys()
         * tls_config_insecure_noverifycert()
         * tls_config_insecure_noverifyhost()
         * tls_config_set_ca_file()
         * tls_config_set_ca_path()
         * tls_config_set_cert_file()
         * tls_config_set_cert_mem()
         * tls_config_set_ciphers()
         * tls_config_set_ecdhcurve()
         * tls_config_set_key_file()
         * tls_config_set_key_mem()
         * tls_config_set_protocols()
         * tls_config_set_verify_depth()
         * tls_config_verify()
         * tls_configure()
         * tls_connect()
         * tls_connect_fds()
         * tls_connect_socket()
         * tls_error()
         * tls_free()
         * tls_init()
         * tls_read()
         * tls_reset()
         * tls_server()
         * tls_write()
2.1.4    * tls_load_file()                       0x20000000               20141031
2.2.0    * tls_accept_fds()                      0x20000000               20141031
2.3.0    * tls_config_insecure_noverifytime()    0x20030000               20141031
         * tls_config_prefer_ciphers_client()
         * tls_config_prefer_ciphers_server()
         * tls_config_verify_client()
         * tls_config_verify_client_optional()
         * tls_conn_cipher()
         * tls_conn_version()
         * tls_handshake()
         * tls_peer_cert_contains_name()
         * tls_peer_cert_hash()
         * tls_peer_cert_issuer()
         * tls_peer_cert_provided()
         * tls_peer_cert_subject()
         * tls_read() (parameter change)
         * tls_write() (parameter change)
2.3.1    * tls_peer_cert_notafter()              0x20030001               20141031
         * tls_peer_cert_notbefore()
2.4.0    * tls_config_keypair_file()             0x2040000f               20141031
         * tls_config_keypair_mem()
2.5.0    * tls_accept_cbs()                      0x2050000f               20160904
         * tls_config_add_keypair_file()
         * tls_config_add_keypair_mem()
         * tls_config_alpn()
         * tls_conn_alpn_selected()
         * tls_conn_servername()
         * tls_connect_cbs()
2.5.1    * tls_ocsp_process_response()           0x2050100f               20170126
         * tls_peer_ocsp_cert_status()
         * tls_peer_ocsp_this_update()
         * tls_peer_ocsp_url()
         * tls_config_add_keypair_ocsp_file()
         * tls_config_add_keypair_ocsp_mem()
         * tls_config_add_ticket_key()
         * tls_config_keypair_ocsp_file()
         * tls_config_keypair_ocsp_mem()
         * tls_config_ocsp_require_stapling()
         * tls_config_ocsp_staple_file()
         * tls_config_ocsp_staple_mem()
         * tls_config_session_id()
         * tls_config_session_lifetime()
         * tls_peer_ocsp_crl_reason()
         * tls_peer_ocsp_next_update()
         * tls_peer_ocsp_response_status()
         * tls_peer_ocsp_revocation_time()
2.6.0    * tls_config_crl_file()                 0x2060000f               20170126
         * tls_config_crl_mem()
         * tls_peer_cert_chain_pem()
         * tls_unload_file()
2.6.1    * tls_config_echdecurves()              0x2060100f               20170126
2.7.0    * tls_config_session_fd()               0x2070000f               20180210
         * tls_conn_session_resumed()
----------------------------------------------------------------------------------
Version  Functions                               LIBRESSL_VERSION_NUMBER  TLS_API

I'm not asking for much. I'm not asking for slavish adherence to semantic
versioning [3]. I'm just asking for a consistent way to check an API so I can
support earlier versions of a library.

Don't get me wrong, I'm glad that libtls exists, and as an API, it's much
nicer than the eldritch horror of OpenSSL [4].

I just wish they had updated TLS_API (or LIBRESSL_VERSION_NUMBER)
consistently. Otherwise, why have them in the first place?
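
The table above, run as a check (an added example, not part of the original post or of libtls; the struct, enum and function names are invented for illustration): for each release after 2.1.2 it reports which of the two macros actually rose, and so which one a wrapper's #if could test to detect that release's new functions.

```c
#include <stdio.h>
/* Added example; identifiers are illustrative.  Rows transcribed from the table
 * above: release, functions listed for it, LIBRESSL_VERSION_NUMBER, TLS_API. */
struct release { const char *ver; int added; unsigned long lvn, api; };
static const struct release rel[] = {
    { "2.1.2", 28, 0x20000000UL, 20141031UL },
    { "2.1.4",  1, 0x20000000UL, 20141031UL },
    { "2.2.0",  1, 0x20000000UL, 20141031UL },
    { "2.3.0", 15, 0x20030000UL, 20141031UL },
    { "2.3.1",  2, 0x20030001UL, 20141031UL },
    { "2.4.0",  2, 0x2040000fUL, 20141031UL },
    { "2.5.0",  7, 0x2050000fUL, 20160904UL },
    { "2.5.1", 18, 0x2050100fUL, 20170126UL },
    { "2.6.0",  4, 0x2060000fUL, 20170126UL },
    { "2.6.1",  1, 0x2060100fUL, 20170126UL },
    { "2.7.0",  2, 0x2070000fUL, 20180210UL },
};
enum { NREL = sizeof rel / sizeof rel[0] };
enum gate { GATE_NONE, GATE_LVN, GATE_API, GATE_BOTH }; /* macro(s) an #if can test */

/* A macro can gate release i's additions only if it rose since release i-1 (row 0 is the baseline). */
static enum gate gate_for(int i)
{
    int lvn = i > 0 && rel[i].lvn > rel[i - 1].lvn;
    int api = i > 0 && rel[i].api > rel[i - 1].api;
    return lvn && api ? GATE_BOTH : lvn ? GATE_LVN : api ? GATE_API : GATE_NONE;
}

/* Number of post-baseline releases that fall into category g. */
static int count_gate(enum gate g)
{
    int n = 0;
    for (int i = 1; i < NREL; i++)
        n += gate_for(i) == g;
    return n;
}

int main(void)
{
    for (int i = 1; i < NREL; i++) {
        enum gate g = gate_for(i);
        if (g == GATE_NONE)
            printf("/* %s: %d function(s), neither macro moved */\n", rel[i].ver, rel[i].added);
        else if (g == GATE_API)
            printf("#if TLS_API >= %lu /* %s */\n", rel[i].api, rel[i].ver);
        else
            printf("#if LIBRESSL_VERSION_NUMBER >= 0x%08lxL /* %s */\n", rel[i].lvn, rel[i].ver);
    }
    return 0;
}
```

The 2.1.4 and 2.2.0 rows come back as GATE_NONE, and TLS_API never rises on its own: every release where it changed also changed LIBRESSL_VERSION_NUMBER.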

[1] https://man.openbsd.org/tls_init.3
[2] gopher://gopher.conman.org/0Phlog:2018/08/06.2
[3] https://semver.org/
[4] https://www.openbsd.org/papers/bsdcan14-libressl/mgp00005.html