The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Tuesday, August 07, 2018

All I'm asking for is some consistency between APIs and version numbers

When I first started working with libtls, I thought that TLS_API designated a change in API so that one could work with different versions of the library without breaking the compilation process. Sadly, that wasn't the case, so I switched to using LIBRESSL_VERSION_NUMBER, as that seemed to regularly change with each version.

I was doing this so that my Lua wrapper could be compiled with any version of libtls. Why break things unnecessarily? And things were going fine until I hit version 2.2.1, and well …

Mismatches in libtls between functions added, LIBRESSL_VERSION_NUMBER and TLS_API
  • tls_accept_socket()
  • tls_client()
  • tls_close()
  • tls_config_clear_keys()
  • tls_config_insecure_noverifycert()
  • tls_config_insecure_noverifyhost()
  • tls_config_set_ca_file()
  • tls_config_set_ca_path()
  • tls_config_set_cert_file()
  • tls_config_set_cert_mem()
  • tls_config_set_ciphers()
  • tls_config_set_ecdhcurve()
  • tls_config_set_key_file()
  • tls_config_set_key_mem()
  • tls_config_set_protocols()
  • tls_config_set_verify_depth()
  • tls_config_verify()
  • tls_configure()
  • tls_connect()
  • tls_connect_fds()
  • tls_connect_socket()
  • tls_error()
  • tls_free()
  • tls_init()
  • tls_read()
  • tls_reset()
  • tls_server()
  • tls_write()
0x20000000 20141031
  • tls_load_file()
0x20000000 20141031
  • tls_accept_fds()
0x20000000 20141031
  • tls_config_insecure_noverifytime()
  • tls_config_prefer_ciphers_client()
  • tls_config_prefer_ciphers_server()
  • tls_config_verify_client()
  • tls_config_verify_client_optional()
  • tls_conn_cipher()
  • tls_conn_version()
  • tls_handshake()
  • tls_peer_cert_contains_name()
  • tls_peer_cert_hash()
  • tls_peer_cert_issuer()
  • tls_peer_cert_provided()
  • tls_peer_cert_subject()
  • tls_read() (paramter change)
  • tls_write() (parameter change)
0x20030000 20141031
  • tls_peer_cert_notafter()
  • tls_peer_cert_notbefore()
0x20030001 20141031
  • tls_config_keypair_file()
  • tls_config_keypair_mem()
0x2040000f 20141031
  • tls_accept_cbs()
  • tls_config_add_keypair_file()
  • tls_config_add_keypair_mem()
  • tls_config_alpn()
  • tls_conn_alpn_selected()
  • tls_conn_servername()
  • tls_connect_cbs()
0x2050000f 20160904
  • tls_ocsp_process_response()
  • tls_peer_ocsp_cert_status()
  • tls_peer_ocsp_this_update()
  • tls_peer_ocsp_url()
  • tls_config_add_keypair_ocsp_file()
  • tls_config_add_keypair_ocsp_mem()
  • tls_config_add_ticket_key()
  • tls_config_keypair_ocsp_file()
  • tls_config_keypair_ocsp_mem()
  • tls_config_ocsp_require_stapling()
  • tls_config_ocsp_staple_file()
  • tls_config_ocsp_staple_mem()
  • tls_config_session_id()
  • tls_config_session_lifetime()
  • tls_peer_ocsp_crl_reason()
  • tls_peer_ocsp_next_udpate()
  • tls_peer_ocsp_response_status()
  • tls_peer_ocsp_revocation_time()
0x2050100f 20170126
  • tls_config_crl_file()
  • tls_config_crl_mem()
  • tls_peer_cert_chain_pem()
  • tls_unload_file()
0x2060000f 20170126
  • tls_config_echdecurves()
0x2060100f 20170126
  • tls_config_session_fd()
  • tls_conn_session_resumed()
0x2070000f 20180210

I'm not asking for much. I'm not asking for slavish adherance to semantic versioning. I'm just asking for a consistent way to check an API to I can support earlier versions of a library.

Don't get me wrong, I'm glad that libtls exists, and as an API, it's much nicer than the eldritch horror of OpenSSL.

I just wish they had updated TLS_API (or LIBRESSL_VERSION_NUMBER) consistently. Otherwise, why have them in the first place?

Obligatory Picture

[The future's so bright, I gotta wear shades]

Obligatory Contact Info

Obligatory Feeds

Obligatory Links

Obligatory Miscellaneous

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site:, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2024 by Sean Conner. All Rights Reserved.