[Help-gnutls] Re: CA cert verification
Simon Josefsson
jas at extundo.com
Thu Aug 25 23:57:22 CEST 2005
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
>> I fixed all references to gnutls_certificate_verify_peers in the
>> documentation that I could find. If you find any remaining
>> occurrences, let me know. I also made the old function documented in
>> GTK-DOC again, but with a reference to the new function. I fixed
>> gnutls-cli too.
>> Frankly, I'm not sure why gnutls_certificate_verify_peers is
>> deprecated. The return values are negative for "real" errors, zero
>> for success and positive for "soft" verification errors. Nikos?
> The problem is that it is very easy for this function to be misused.
> I didn't want to mix negative numbers and bit checking, that's why I deprecated
> it. (and since it is deprecated it shouldn't be documented since it may be
> removed in future versions).
Having documentation say the function is deprecated may help people
move away from the function; otherwise they may stick with the
function due to absence of knowledge that it is deprecated.
Further, perhaps it is useful to do something that I do in GNU SASL
for deprecated functions. The following causes GCC to give warnings
when someone uses a deprecated function. This hasn't caused me any
problems on any non-GCC compiler. I'll see about installing this in
GNUTLS too.
Cheers,
Simon
#ifndef __attribute__
/* This feature is available in gcc versions 2.5 and later. */
# if __cplusplus == 1 || __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
# define __attribute__(Spec) /* empty */
# endif
#endif
...
extern int gsasl_client_listmech (Gsasl * ctx, char *out,
                                  size_t * outlen)
  __attribute__ ((deprecated));
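
Added example, not part of the original message and not GnuTLS code: a self-contained C sketch of why the return convention discussed above (negative for real errors, zero for success, positive for soft verification errors) is easy to misuse, next to one assumed way of splitting the error code from the status bits. All demo_* names, the DEMO_* values and the sample peers are constructed for illustration.

```c
#include <stdio.h>
/* Constructed values for illustration; not the library's real constants. */
#define DEMO_CERT_INVALID     (1u << 1)
#define DEMO_E_NO_CERTIFICATE (-49)
struct demo_peer { int hard_error; unsigned int status; };
const struct demo_peer good      = { 0, 0 };
const struct demo_peer untrusted = { 0, DEMO_CERT_INVALID };
const struct demo_peer broken    = { DEMO_E_NO_CERTIFICATE, 0 };

/* Legacy shape: <0 real error, 0 success, >0 "soft" verification bits. */
int demo_verify_legacy(const struct demo_peer *p)
{
    return p->hard_error < 0 ? p->hard_error : (int) p->status;
}

/* Split shape (assumed design): errors returned, bits written to *status. */
int demo_verify_split(const struct demo_peer *p, unsigned int *status)
{
    if (p->hard_error < 0)
        return p->hard_error;
    *status = p->status;
    return 0;
}

/* Misuse: the usual "negative means failure" test lets soft errors through. */
int accept_misused(const struct demo_peer *p)
{
    return demo_verify_legacy(p) >= 0;
}

/* Correct legacy use: only exactly zero means the peer verified. */
int accept_legacy(const struct demo_peer *p)
{
    return demo_verify_legacy(p) == 0;
}

/* Split use: no error and an empty status word, failing closed otherwise. */
int accept_split(const struct demo_peer *p)
{
    unsigned int status = ~0u;   /* stays non-zero if never written */
    return demo_verify_split(p, &status) == 0 && status == 0;
}

int main(void)
{
    printf("untrusted peer: misused=%d legacy=%d split=%d\n",
           accept_misused(&untrusted), accept_legacy(&untrusted), accept_split(&untrusted));
    return 0;
}
```

The untrusted sample peer is accepted only by accept_misused, which is the failure mode a caller hits when treating the legacy return value like an ordinary error code.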