wolfSSL and Application Binary Compatibility

To help out with customers who want to update the wolfSSL library without needing to change their application, wolfSSL Inc is striving to maintain application binary compatibility with a subset of our API. As of wolfSSL v4.3.0, the following functions will be compatible across all releases of wolfSSL moving forward:

wolfSSL_InitwolfSSL_UseSNI
wolfTLSv1_2_client_methodwolfSSL_CTX_UseSNI
wolfTLSv1_3_client_methodwc_ecc_init_ex
wolfSSL_CTX_newwc_ecc_make_key_ex
wolfSSL_CTX_load_verify_locationswc_ecc_sign_hash
wolfSSL_newwc_ecc_free
wolfSSL_set_fdwolfSSL_SetDevId
wolfSSL_connectwolfSSL_CTX_SetDevId
wolfSSL_readwolfSSL_CTX_SetEccSignCb
wolfSSL_writewolfSSL_CTX_use_certificate_chain_file
wolfSSL_get_errorwolfSSL_CTX_use_certificate_file
wolfSSL_shutdownwolfSSL_use_certificate_chain_file
wolfSSL_freewolfSSL_use_certificate_file
wolfSSL_CTX_freewolfSSL_CTX_use_PrivateKey_file
wolfSSL_check_domain_namewolfSSL_use_PrivateKey_file
wolfSSL_UseALPNwolfSSL_X509_load_certificate_file
wolfSSL_CTX_SetMinVersionwolfSSL_get_peer_certificate
wolfSSL_pendingwolfSSL_X509_NAME_oneline
wolfSSL_set_timeoutwolfSSL_X509_get_issuer_name
wolfSSL_CTX_set_timeoutwolfSSL_X509_get_subject_name
wolfSSL_get_sessionwolfSSL_X509_get_next_altname
wolfSSL_set_sessionwolfSSL_X509_notBefore
wolfSSL_flush_sessionswolfSSL_X509_notAfter
wolfSSL_CTX_set_session_cache_modewc_ecc_key_new
wolfSSL_get_sessionIDwc_ecc_key_free

We have added some testing to our already extensive testing plan to verify these functions do not change.

Given that the security landscape is an always changing surface, we want to make sure you are able to upgrade wolfSSL as easily as possible. There will always be some new attack on the protocol or a cipher and keeping wolfSSL up to date in your product is important to us, and for everyone. If you have questions about wolfSSL’s ABI compatibility, please email us at facts@wolfssl.com.