[gnutls-dev] Work in progress: GnuTLS 2.2 release notes on API changes

Simon Josefsson simon at josefsson.org
Wed Nov 14 17:13:21 CET 2007 

I'll roll a gnutls 2.2 release candidate within a few days, and I'm
starting to prepare the release notes for the final release.  Since we
are breaking the API/ABI version, we need careful documentation.

Here is a starting point, based on a 'diff -ru' of includes/ between
latest 2.0 and 2.1.  What have I missed?  Other thoughts?  Please let me
know what you think.  Language fixes are very appreciated, English isn't
my strong subject...  Thoughts on the gnutls_set_default_priority change
are also appreciated.

/Simon

API changes in GnuTLS 2.2
=========================

To adapt to changes in the TLS extension specifications for OpenPGP and
SRP, the GnuTLS API had to be modified.  Since we had to modify the API,
we decided to do some long pending API cleanups as well.  Generally,
most applications do not need to be modified.  Just re-compile it
against the latest GnuTLS release should work.  However, applications
that use the OpenPGP or SRP features needs to be modified.  Below is a
list of the modified APIs and discussion of what you need to modify in
your application.

General changes
---------------

The functions `gnutls_set_default_priority',
`gnutls_set_default_export_priority' have been replaced by
`gnutls_set_default_priority2'.  There are compatibility mappings from
the old names to the new.  (XXX: do we really need to do this?  Seems
frivolous to me, at least `gnutls_set_default_priority' is very common,
and could be kept around and supported in the future.)

The function `gnutls_x509_crt_to_xml' was removed, it has not done
anything (except returning an error code) since around GnuTLS 1.2.
Nobody has complained, so users doesn't seem to miss the functionality.
We don't know of any libraries to convert X.509 certificates into XML
format, but we decided (long ago) that GnuTLS isn't the right place for
this kind of functionality.

SRP related changes
-------------------

The callback gnutls_srp_client_credentials_function has a new prototype,
and its semantic has changed.  You need to rewrite the callback, see the
updated function documentation and examples for more information.

The alert codes GNUTLS_A_MISSING_SRP_USERNAME and
GNUTLS_A_UNKNOWN_SRP_USERNAME are no longer used by the SRP
specification, instead the GNUTLS_A_UNKNOWN_PSK_IDENTITY alert should be
used.  There are #define's to map the old names to the new.

OpenPGP related changes
-----------------------

The functions `gnutls_certificate_set_openpgp_key_file',
`gnutls_certificate_set_openpgp_key_mem',
`gnutls_certificate_set_openpgp_keyring_mem', and
`gnutls_certificate_set_openpgp_keyring_file' has an added parameter of
the (new) type `gnutls_openpgp_crt_fmt_t'.  The type specify the format
of the data (binary or base64).

The function `gnutls_certificate_set_openpgp_keyserver' have been
removed.  There is no replacement functionality inside GnuTLS.  If you
need keyserver functionality, consider using the GnuPG tools.

All functions related to OpenPGP trustdb format have been removed, since
the trustdb was a non-standard GnuPG-specific format.  Use key rings
instead.  The removed functions and types are:

 gnutls_certificate_set_openpgp_trustdb
 gnutls_openpgp_trustdb_init
 gnutls_openpgp_trustdb_deinit
 gnutls_openpgp_trustdb_import
 gnutls_openpgp_key_verify_trustdb
 gnutls_openpgp_trustdb_t
 GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED

To align terminology, some functions or types have been renamed.
Compatibility mappings exists.  The old and new names of the affected
functions are:

        Old name                                New name
 gnutls_openpgp_key_init                 gnutls_openpgp_crt_init
 gnutls_openpgp_key_deinit               gnutls_openpgp_crt_deinit
 gnutls_openpgp_key_import               gnutls_openpgp_crt_import
 gnutls_openpgp_key_export               gnutls_openpgp_crt_export
 gnutls_openpgp_key_get_key_usage        gnutls_openpgp_crt_get_key_usage
 gnutls_openpgp_key_get_fingerprint      gnutls_openpgp_crt_get_fingerprint
 gnutls_openpgp_key_get_pk_algorithm     gnutls_openpgp_crt_get_pk_algorithm
 gnutls_openpgp_key_get_name             gnutls_openpgp_crt_get_name
 gnutls_openpgp_key_get_version          gnutls_openpgp_crt_get_version
 gnutls_openpgp_key_get_creation_time    gnutls_openpgp_crt_get_creation_time
 gnutls_openpgp_key_get_expiration_time  gnutls_openpgp_crt_get_expiration_time
 gnutls_openpgp_key_get_id               gnutls_openpgp_crt_get_id
 gnutls_openpgp_key_check_hostname       gnutls_openpgp_crt_check_hostname
 gnutls_openpgp_send_key                 gnutls_openpgp_send_cert
 gnutls_openpgp_key_status_t             gnutls_openpgp_crt_status_t
 GNUTLS_OPENPGP_KEY                      GNUTLS_OPENPGP_CERT
 GNUTLS_OPENPGP_KEY_FINGERPRINT          GNUTLS_OPENPGP_CERT_FINGERPRINT
 gnutls_openpgp_key_t                    gnutls_openpgp_crt_t

More information about the Gnutls-devel mailing list