All I'm asking for is some consistency between APIs and version numbers
When I first started working with libtls [1], I thought that TLS_API designated a change in API (Application Programming Interface) so that one could work with different versions of the library without breaking the compilation process. Sadly, that wasn't the case [2], so I switched to using LIBRESSL_VERSION_NUMBER, as that seemed to regularly change with each version.
I was doing this so that my Lua wrapper could be compiled with any version of libtls. Why break things unnecessarily? And things were going fine until I hit version 2.2.1, and well …
Table: Mismatches in libtls between functions added, LIBRESSL_VERSION_NUMBER and TLS_API
Version  Functions                             LIBRESSL_VERSION_NUMBER  TLS_API
-------  ------------------------------------  -----------------------  --------
2.1.2    tls_accept_socket()                   0x20000000               20141031
         tls_client()
         tls_close()
         tls_config_clear_keys()
         tls_config_insecure_noverifycert()
         tls_config_insecure_noverifyhost()
         tls_config_set_ca_file()
         tls_config_set_ca_path()
         tls_config_set_cert_file()
         tls_config_set_cert_mem()
         tls_config_set_ciphers()
         tls_config_set_ecdhcurve()
         tls_config_set_key_file()
         tls_config_set_key_mem()
         tls_config_set_protocols()
         tls_config_set_verify_depth()
         tls_config_verify()
         tls_configure()
         tls_connect()
         tls_connect_fds()
         tls_connect_socket()
         tls_error()
         tls_free()
         tls_init()
         tls_read()
         tls_reset()
         tls_server()
         tls_write()
2.1.4    tls_load_file()                       0x20000000               20141031
2.2.0    tls_accept_fds()                      0x20000000               20141031
2.3.0    tls_config_insecure_noverifytime()    0x20030000               20141031
         tls_config_prefer_ciphers_client()
         tls_config_prefer_ciphers_server()
         tls_config_verify_client()
         tls_config_verify_client_optional()
         tls_conn_cipher()
         tls_conn_version()
         tls_handshake()
         tls_peer_cert_contains_name()
         tls_peer_cert_hash()
         tls_peer_cert_issuer()
         tls_peer_cert_provided()
         tls_peer_cert_subject()
         tls_read() (parameter change)
         tls_write() (parameter change)
2.3.1    tls_peer_cert_notafter()              0x20030001               20141031
         tls_peer_cert_notbefore()
2.4.0    tls_config_keypair_file()             0x2040000f               20141031
2.5.0    tls_accept_cbs()                      0x2050000f               20160904
         tls_config_add_keypair_file()
         tls_config_add_keypair_mem()
         tls_config_alpn()
         tls_conn_alpn_selected()
         tls_conn_servername()
         tls_connect_cbs()
2.5.1    tls_ocsp_process_response()           0x2050100f               20170126
         tls_peer_ocsp_cert_status()
         tls_peer_ocsp_this_update()
         tls_peer_ocsp_url()
         tls_config_add_keypair_ocsp_file()
         tls_config_add_keypair_ocsp_mem()
         tls_config_add_ticket_key()
         tls_config_keypair_ocsp_file()
         tls_config_keypair_ocsp_mem()
         tls_config_ocsp_require_stapling()
         tls_config_ocsp_staple_file()
         tls_config_ocsp_staple_mem()
         tls_config_session_id()
         tls_config_session_lifetime()
         tls_peer_ocsp_crl_reason()
         tls_peer_ocsp_next_update()
         tls_peer_ocsp_response_status()
         tls_peer_ocsp_revocation_time()
2.6.0    tls_config_crl_file()                 0x2060000f               20170126
         tls_config_crl_mem()
         tls_peer_cert_chain_pem()
         tls_unload_file()
2.6.1    tls_config_echdecurves()              0x2060100f               20170126
2.7.0    tls_config_session_fd()               0x2070000f               20180210
         tls_conn_session_resumed()
I'm not asking for much. I'm not asking for slavish adherence to semantic versioning [3]. I'm just asking for a consistent way to check an API so I can support earlier versions of a library.
Don't get me wrong, I'm glad that libtls exists, and as an API, it's much nicer than the eldritch horror of OpenSSL [4].
I just wish they had updated TLS_API (or LIBRESSL_VERSION_NUMBER) consistently. Otherwise, why have them in the first place?
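What each macro can actually promise a wrapper, worked out from the table above. This is an added example, not code from the post or from libtls; the names F_*, rows, guaranteed(), by_version_number() and by_tls_api() are made up for illustration, and it assumes that releases only add functions and appear in the order the table lists them.

```c
#include <stddef.h>

/* One bit per table row (the release that added the functions). */
enum {
    F_2_1_2 = 1 << 0,   /* tls_init(), tls_connect(), ... */
    F_2_1_4 = 1 << 1,   /* tls_load_file() */
    F_2_2_0 = 1 << 2,   /* tls_accept_fds() */
    F_2_3_0 = 1 << 3,   /* tls_handshake(), tls_peer_cert_*() */
    F_2_3_1 = 1 << 4,  F_2_4_0 = 1 << 5,
    F_2_5_0 = 1 << 6,   /* ALPN, callbacks */
    F_2_5_1 = 1 << 7,   /* OCSP, session tickets */
    F_2_6_0 = 1 << 8,   /* CRL files */
    F_2_6_1 = 1 << 9,  F_2_7_0 = 1 << 10
};

struct row { unsigned long vn; unsigned long api; unsigned bit; };

/* LIBRESSL_VERSION_NUMBER and TLS_API copied from the table, in order. */
static const struct row rows[] = {
    { 0x20000000UL, 20141031UL, F_2_1_2 },
    { 0x20000000UL, 20141031UL, F_2_1_4 },
    { 0x20000000UL, 20141031UL, F_2_2_0 },
    { 0x20030000UL, 20141031UL, F_2_3_0 },
    { 0x20030001UL, 20141031UL, F_2_3_1 },
    { 0x2040000fUL, 20141031UL, F_2_4_0 },
    { 0x2050000fUL, 20160904UL, F_2_5_0 },
    { 0x2050100fUL, 20170126UL, F_2_5_1 },
    { 0x2060000fUL, 20170126UL, F_2_6_0 },
    { 0x2060100fUL, 20170126UL, F_2_6_1 },
    { 0x2070000fUL, 20180210UL, F_2_7_0 },
};
#define NROWS (sizeof rows / sizeof rows[0])

/* A macro value `key` guarantees every row with a smaller value, plus only
   the FIRST row that carries the same value; later twins are a guess. */
static unsigned guaranteed(unsigned long key, int use_api)
{
    unsigned mask = 0;
    unsigned long prev = 0;
    for (size_t i = 0; i < NROWS; i++) {
        unsigned long k = use_api ? rows[i].api : rows[i].vn;
        if (k < key || (k == key && k != prev))
            mask |= rows[i].bit;
        prev = k;
    }
    return mask;
}
unsigned by_version_number(unsigned long vn) { return guaranteed(vn, 0); }
unsigned by_tls_api(unsigned long api)       { return guaranteed(api, 1); }
```

A TLS_API of 20141031 yields only the 2.1.2 bit, so a guard on TLS_API alone cannot safely enable tls_handshake(); a TLS_API of 20170126 leaves the 2.6.0 CRL functions unconfirmed, while LIBRESSL_VERSION_NUMBER 0x2060000f confirms them.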
[1] https://man.openbsd.org/tls_init.3
[2] /boston/2018/08/06.2
[3] https://semver.org/
[4] https://www.openbsd.org/papers/bsdcan14-libressl/mgp00005.html