Trunnel can generate code in "opaque mode" that hides all structure definitions and forces you to use accessor functions. In his review of #12498, dgoulet points out that I am a bit sloppy with using accessors for trunnel structures.

IMO, we should decide whether our coding style requires the use of accessors. I hadn't thought that it did, but if we make that decisions, we should force accessor use by making structures opaque.

My two cents on that. One of the point of using trunnel is to have "safe object manipulation functions". We define a data structure with a simple syntax and then trunnel takes care of creating safe accessors along with safe parsing/encoding functions and the C ABI.

Not using those very thoroughly makes trunnel half useful here and possibly dangerous in case of a typo or wrong constant used in a memcpy(). Using trunnel avoids human mistake like putting 32 instead of 16 as a length.

Downside is that the API of trunnel is cast in stone for a tor release but that's fine I think since it's self contained in the code base. Opaque object also makes it much more easier to handle ABI changes since you can route a deprecated API call to the new one.

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

Duplicate of #20918, which has patches.

