[Help-gnutls] Re: CA cert verification

Simon Josefsson jas at extundo.com
Thu Aug 25 23:57:22 CEST 2005


Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

>> I fixed all references to gnutls_certificate_verify_peers in the
>> documentation that I could find.  If you find any remaining
>> occurrences, let me know.  I also made the old function documented in
>> GTK-DOC again, but with a reference to the new function.  I fixed
>> gnutls-cli too.
>> Frankly, I'm not sure why gnutls_certificate_verify_peers is
>> deprecated.  The return values are negative for "real" errors, zero
>> for success and positive for "soft" verification errors.  Nikos?
> The problem is that it is very easy for this function to be misused.
> I didn't want to mix negative numbers and bit checking, that's why I deprecated
> it. (and since it is deprecated it shouldn't be documented since it may be 
> removed in future versions).

Having documentation say the function is deprecated may help people
move away from the function; otherwise they may stick with the
function due to absence of knowledge that it is deprecated.

Further, perhaps it is useful to do something that I do in GNU SASL
for deprecated functions.  The following causes GCC to give warnings
when someone uses a deprecated function.  This hasn't caused me any
problems on any non-GCC compiler.  I'll see about installing this in
GNUTLS too.

Cheers,
Simon

#ifndef __attribute__
/* This feature is available in gcc versions 2.5 and later.  */
# if __cplusplus == 1 || __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
#  define __attribute__(Spec)	/* empty */
# endif
#endif
...
extern int gsasl_client_listmech (Gsasl * ctx, char *out,
				  size_t * outlen)
  __attribute__ ((deprecated));
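
Added example (not part of the original message and not GnuTLS code): a small C model of the return convention discussed in the thread, where one int carries negative "real" errors, zero for success and positive "soft" status bits, next to a shape that returns the error code and the status bits separately, as gnutls_certificate_verify_peers2 does. The constants and the function names legacy_verify, split_verify and accept_* are hypothetical and constructed for illustration.

```c
#include <stdio.h>

/* Constructed values for illustration only; these are NOT GnuTLS constants. */
#define EX_E_HARD        (-3)       /* "real" error: negative return */
#define EX_CERT_INVALID  (1u << 1)  /* "soft" verification failure bit */

/* Legacy shape: one int is either a negative error or a status bitmask. */
static int legacy_verify(int hard_err, unsigned soft) {
    return hard_err < 0 ? hard_err : (int)soft;
}

/* Split shape: the return value is only the error code, status is separate. */
static int split_verify(int hard_err, unsigned soft, unsigned *status) {
    *status = 0;
    if (hard_err < 0)
        return hard_err;
    *status = soft;
    return 0;
}

/* Misuse A: the usual "negative means failure" idiom; soft failures pass. */
static int accept_sign_only(int ret) { return ret >= 0; }

/* Misuse B: bit test without a sign check; -3 is ...11111101, bit 1 clear. */
static int accept_bit_only(int ret) { return (ret & EX_CERT_INVALID) == 0; }

/* Correct for the legacy shape: only exactly zero is a verified peer. */
static int accept_legacy(int ret) { return ret == 0; }

/* Correct for the split shape: both values must be checked. */
static int accept_split(int rc, unsigned status) { return rc == 0 && status == 0; }

int main(void) {
    int cases[3][2] = { {0, 0}, {0, EX_CERT_INVALID}, {EX_E_HARD, 0} };
    const char *names[3] = { "valid peer", "soft failure", "hard error" };
    for (int i = 0; i < 3; i++) {
        unsigned status;
        int ret = legacy_verify(cases[i][0], (unsigned)cases[i][1]);
        int rc = split_verify(cases[i][0], (unsigned)cases[i][1], &status);
        printf("%-12s sign-only=%d bit-only=%d legacy-ok=%d split-ok=%d\n",
               names[i], accept_sign_only(ret), accept_bit_only(ret),
               accept_legacy(ret), accept_split(rc, status));
    }
    return 0;
}
```

Each misuse accepts one of the two failing cases: the sign-only check lets the soft failure through, and the bit-only check lets the hard error through.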




