* * * * * All I'm asking for is some consistency between APIs and version numbers When I first started working with libtls [1], I thought that TLS_API designated a change in API (Application Programming Interface) so that one could work with different versions of the library without breaking the compilation process. Sadly, that wasn't the case [2], so I switched to using LIBRESSL_VERSION_NUMBER, as that seemed to regularly change with each version. I was doing this so that my Lua wrapper could be compiled with any version of libtls. Why break things unnecessarily? And things were going fine until I hit version 2.2.1, and well … Table: Mismatches in libtls between functions added, LIBRESSL_VERSION_NUMBER and TLS_API Version Functions LIBRESSL_VERSION_NUMBER TLS_API ------------------------------ 2.1.2 * tls_accept_socket() * tls_client() * tls_close() * tls_config_clear_keys() * tls_config_insecure_noverifycert() * tls_config_insecure_noverifyhost() * tls_config_set_ca_file() * tls_config_set_ca_path() * tls_config_set_cert_file() * tls_config_set_cert_mem() * tls_config_set_ciphers() * tls_config_set_ecdhcurve() * tls_config_set_key_file() * tls_config_set_key_mem() * tls_config_set_protocols() * tls_config_set_verify_depth() * tls_config_verify() * tls_configure() * tls_connect() * tls_connect_fds() * tls_connect_socket() * tls_error() * tls_free() * tls_init() * tls_read() * tls_reset() * tls_server() * tls_write() 0x20000000 20141031 2.1.4 * tls_load_file() 0x20000000 20141031 2.2.0 * tls_accept_fds() 0x20000000 20141031 2.3.0 * tls_config_insecure_noverifytime() * tls_config_prefer_ciphers_client() * tls_config_prefer_ciphers_server() * tls_config_verify_client() * tls_config_verify_client_optional() * tls_conn_cipher() * tls_conn_version() * tls_handshake() * tls_peer_cert_contains_name() * tls_peer_cert_hash() * tls_peer_cert_issuer() * tls_peer_cert_provided() * tls_peer_cert_subject() * tls_read() (paramter change) * tls_write() (parameter change) 0x20030000 20141031 2.3.1 * tls_peer_cert_notafter() * tls_peer_cert_notbefore() 0x20030001 20141031 2.4.0 * tls_config_keypair_file() * tls_config_keypair_mem() 0x2040000f 20141031 2.5.0 * tls_accept_cbs() * tls_config_add_keypair_file() * tls_config_add_keypair_mem() * tls_config_alpn() * tls_conn_alpn_selected() * tls_conn_servername() * tls_connect_cbs() 0x2050000f 20160904 2.5.1 * tls_ocsp_process_response() * tls_peer_ocsp_cert_status() * tls_peer_ocsp_this_update() * tls_peer_ocsp_url() * tls_config_add_keypair_ocsp_file() * tls_config_add_keypair_ocsp_mem() * tls_config_add_ticket_key() * tls_config_keypair_ocsp_file() * tls_config_keypair_ocsp_mem() * tls_config_ocsp_require_stapling() * tls_config_ocsp_staple_file() * tls_config_ocsp_staple_mem() * tls_config_session_id() * tls_config_session_lifetime() * tls_peer_ocsp_crl_reason() * tls_peer_ocsp_next_udpate() * tls_peer_ocsp_response_status() * tls_peer_ocsp_revocation_time() 0x2050100f 20170126 2.6.0 * tls_config_crl_file() * tls_config_crl_mem() * tls_peer_cert_chain_pem() * tls_unload_file() 0x2060000f 20170126 2.6.1 * tls_config_echdecurves() 0x2060100f 20170126 2.7.0 * tls_config_session_fd() * tls_conn_session_resumed() 0x2070000f 20180210 ------------------------------ Version Functions LIBRESSL_VERSION_NUMBER TLS_API I'm not asking for much. I'm not asking for slavish adherance to semantic versioning [3]. I'm just asking for a consistent way to check an API to I can support earlier versions of a library. Don't get me wrong, I'm glad that libtls exists, and as an API, it's much nicer than the eldritch horror of OpenSSL [4]. I just wish they had updated TLS_API (or LIBRESSL_VERSION_NUMBER) consistently. Otherwise, why have them in the first place? [1] https://man.openbsd.org/tls_init.3 [2] gopher://gopher.conman.org/0Phlog:2018/08/06.2 [3] https://semver.org/ [4] https://www.openbsd.org/papers/bsdcan14-libressl/mgp00005.html Email Sean Conner at sean@conman.org .