When I first started working with libtls
,
I thought that TLS_API
designated a change in API so that one could work with different versions of the library
without breaking the compilation process.
Sadly,
that wasn't the case,
so I switched to using LIBRESSL_VERSION_NUMBER
,
as that seemed to regularly change with each version.
I was doing this so that my Lua wrapper could be compiled with any version of libtls
.
Why break things unnecessarily?
And things were going fine until I hit version 2.2.1,
and well …
Mismatches in libtls
between functions added,
LIBRESSL_VERSION_NUMBER
and TLS_API
Version |
Functions |
LIBRESSL_VERSION_NUMBER |
TLS_API |
Version |
Functions |
LIBRESSL_VERSION_NUMBER |
TLS_API |
2.1.2 |
tls_accept_socket()
tls_client()
tls_close()
tls_config_clear_keys()
tls_config_insecure_noverifycert()
tls_config_insecure_noverifyhost()
tls_config_set_ca_file()
tls_config_set_ca_path()
tls_config_set_cert_file()
tls_config_set_cert_mem()
tls_config_set_ciphers()
tls_config_set_ecdhcurve()
tls_config_set_key_file()
tls_config_set_key_mem()
tls_config_set_protocols()
tls_config_set_verify_depth()
tls_config_verify()
tls_configure()
tls_connect()
tls_connect_fds()
tls_connect_socket()
tls_error()
tls_free()
tls_init()
tls_read()
tls_reset()
tls_server()
tls_write()
|
0x20000000 |
20141031 |
2.1.4 |
|
0x20000000 |
20141031 |
2.2.0 |
|
0x20000000 |
20141031 |
2.3.0 |
tls_config_insecure_noverifytime()
tls_config_prefer_ciphers_client()
tls_config_prefer_ciphers_server()
tls_config_verify_client()
tls_config_verify_client_optional()
tls_conn_cipher()
tls_conn_version()
tls_handshake()
tls_peer_cert_contains_name()
tls_peer_cert_hash()
tls_peer_cert_issuer()
tls_peer_cert_provided()
tls_peer_cert_subject()
tls_read() (paramter change)
tls_write() (parameter change)
|
0x20030000 |
20141031 |
2.3.1 |
tls_peer_cert_notafter()
tls_peer_cert_notbefore()
|
0x20030001 |
20141031 |
2.4.0 |
tls_config_keypair_file()
tls_config_keypair_mem()
|
0x2040000f |
20141031 |
2.5.0 |
tls_accept_cbs()
tls_config_add_keypair_file()
tls_config_add_keypair_mem()
tls_config_alpn()
tls_conn_alpn_selected()
tls_conn_servername()
tls_connect_cbs()
|
0x2050000f |
20160904 |
2.5.1 |
tls_ocsp_process_response()
tls_peer_ocsp_cert_status()
tls_peer_ocsp_this_update()
tls_peer_ocsp_url()
tls_config_add_keypair_ocsp_file()
tls_config_add_keypair_ocsp_mem()
tls_config_add_ticket_key()
tls_config_keypair_ocsp_file()
tls_config_keypair_ocsp_mem()
tls_config_ocsp_require_stapling()
tls_config_ocsp_staple_file()
tls_config_ocsp_staple_mem()
tls_config_session_id()
tls_config_session_lifetime()
tls_peer_ocsp_crl_reason()
tls_peer_ocsp_next_udpate()
tls_peer_ocsp_response_status()
tls_peer_ocsp_revocation_time()
|
0x2050100f |
20170126 |
2.6.0 |
tls_config_crl_file()
tls_config_crl_mem()
tls_peer_cert_chain_pem()
tls_unload_file()
|
0x2060000f |
20170126 |
2.6.1 |
|
0x2060100f |
20170126 |
2.7.0 |
tls_config_session_fd()
tls_conn_session_resumed()
|
0x2070000f |
20180210 |
I'm not asking for much.
I'm not asking for slavish adherance to semantic versioning.
I'm just asking for a consistent way to check an API to I can support earlier versions of a library.
Don't get me wrong,
I'm glad that libtls
exists,
and as an API,
it's much nicer than the eldritch horror of OpenSSL.
I just wish they had updated TLS_API
(or LIBRESSL_VERSION_NUMBER
) consistently.
Otherwise,
why have them in the first place?
You have my permission to link freely to any entry here. Go
ahead, I won't bite. I promise.
The dates are the permanent links to that day's entries (or
entry, if there is only one entry). The titles are the permanent
links to that entry only. The format for the links are
simple: Start with the base link for this site: https://boston.conman.org/, then add the date you are
interested in, say 2000/08/01,
so that would make the final URL:
https://boston.conman.org/2000/08/01
You can also specify the entire month by leaving off the day
portion. You can even select an arbitrary portion of time.
You may also note subtle shading of the links and that's
intentional: the “closer” the link is (relative to the
page) the “brighter” it appears. It's an experiment in
using color shading to denote the distance a link is from here. If
you don't notice it, don't worry; it's not all that
important.
It is assumed that every brand name, slogan, corporate name,
symbol, design element, et cetera mentioned in these pages is a
protected and/or trademarked entity, the sole property of its
owner(s), and acknowledgement of this status is implied.