Application Conversion Guide for SASLv2

This documents our conversion experience with Cyrus IMAPd, an application that uses almost every part of SASL, so it should give a good idea what caveats need to be looked for when one is converting an application which uses SASLv1 to use SASLv2.

The major changes in the SASLv2 API have to do with memory management. That is, the rule "If you allocate it, you free it" is now enforced. That means that if the application allocates something (for example, an interaction or callback response), it must free it. Likewise, the application does NOT free anything handed to it by the SASL library, such as responses given by sasl_client_step or sasl_decode.