[foaf-protocols] FW: DTLS in gnutls

peter williams home_pw at msn.com
Fri Mar 11 21:59:44 CET 2011


Webid IX gets to look at DTLS.

-----Original Message-----
From: gnutls-devel-bounces+home_pw=msn.com at gnu.org
[mailto:gnutls-devel-bounces+home_pw=msn.com at gnu.org] On Behalf Of Nikos Mavrogiannopoulos
Sent: Friday, March 11, 2011 12:00 PM
To: GnuTLS development list
Cc: Jonathan Bastien-Filiatrault
Subject: DTLS in gnutls

Hello,
 It seems that gnutls in master repository includes a fully functional DTLS
1.0 (rfc4347) implementation. Kudos to Jonathan for creating the initial
functional implementation the current implementation was built on.

Due to DTLS' requirements for handshake, several parts of gnutls' handshake
subsystem were rewritten to allow maximum re-use between the two protocols
(TLS and DTLS). DTLS' handshake is asynchronous, meaning that it might operate
even after gnutls_handshake() is terminated (e.g. retransmit handshake packets
lost by the peer), and this requires substantial changes to how gnutls'
functions can be called in DTLS. Now I emulate the synchronous behavior of
gnutls_handshake() by waiting for a few seconds for possible retransmissions
by the peer, and this has the disadvantage of gnutls_handshake() taking a fixed
amount of seconds irrespective of calculations, but requires no semantic
changes in the rest of the functions (such as gnutls_record_recv()).

Another solution is to require a DTLS server/client to call
gnutls_record_recv() on every received record, even if he wasn't expecting
one for his application protocol and reserve a special error code to
indicate no data for application...


I don't like the latter change of semantics, but I cannot see any obvious
way of avoiding it... If you have suggestions or ideas please let me know.

best regards,
Nikos

_______________________________________________
Gnutls-devel mailing list
Gnutls-devel at gnu.org
http://lists.gnu.org/mailman/listinfo/gnutls-devel
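The two completion strategies Nikos contrasts above can be made concrete with a small model. The following is an added example written for this page, not gnutls code: the class and function names (FinalFlight, handshake_fixed_wait, handshake_then_recv), the error code E_NO_APP_DATA standing in for the "special error code" he mentions, and the sample record stream are all invented for illustration. Both strategies keep the endpoint's final flight after the handshake and resend it when a retransmission of the peer's previous flight arrives, as RFC 4347 section 4.2.4 requires; the model simply measures what each approach costs the caller (fixed wall-clock time versus a changed gnutls_record_recv() contract), and ignores records arriving after the fixed window in the first strategy.

```python
# Added example (not gnutls code): a model of the two ways of completing a
# DTLS handshake that the mail contrasts. Names and the error code are invented.

from dataclasses import dataclass, field
from typing import List, Union

# Stand-in for the reserved "no data for application" error code the mail proposes.
E_NO_APP_DATA = -1


@dataclass
class Record:
    """One DTLS record as delivered by the transport (constructed sample data)."""
    kind: str                 # "handshake" (a peer retransmission) or "application"
    payload: bytes = b""
    arrives_at: float = 0.0   # simulated arrival time, seconds after our final flight


@dataclass
class FinalFlight:
    """The endpoint's last handshake flight, kept after the handshake so it can be
    resent when the peer re-sends its previous flight (RFC 4347, section 4.2.4)."""
    data: bytes
    resent: int = 0
    resent_at: List[float] = field(default_factory=list)

    def answer_retransmission(self, now: float) -> None:
        self.resent += 1
        self.resent_at.append(now)


def handshake_fixed_wait(flight: FinalFlight, incoming: List[Record], wait: float):
    """Strategy 1 (the mail's current approach): gnutls_handshake() stays blocked for a
    fixed window after sending the final flight, answering retransmissions itself.
    Returns (elapsed_seconds, application payloads that arrived inside the window)."""
    buffered = []
    for rec in sorted(incoming, key=lambda r: r.arrives_at):
        if rec.arrives_at > wait:
            break                          # handshake() has already returned by now
        if rec.kind == "handshake":
            flight.answer_retransmission(rec.arrives_at)
        else:
            buffered.append(rec.payload)   # app data that arrived during the wait
    return wait, buffered                  # cost is always the full window


def handshake_then_recv(flight: FinalFlight, incoming: List[Record]):
    """Strategy 2 (the mail's alternative): gnutls_handshake() returns at once, and
    the application must call record_recv() for every record, accepting
    E_NO_APP_DATA when the record was a handshake retransmission handled internally.
    Returns (elapsed_seconds, list of record_recv() results in arrival order)."""
    def record_recv(rec: Record) -> Union[bytes, int]:
        if rec.kind == "handshake":
            flight.answer_retransmission(rec.arrives_at)
            return E_NO_APP_DATA           # nothing for the application this time
        return rec.payload

    results = [record_recv(r) for r in sorted(incoming, key=lambda r: r.arrives_at)]
    return 0.0, results                    # the handshake itself added no waiting time


# Constructed traffic: the peer's Finished was lost twice, so it retransmits its
# flight at 0.8 s and 2.5 s; application data arrives at 1.5 s and 3.0 s.
SAMPLE_TRAFFIC = [
    Record("handshake", arrives_at=0.8),
    Record("application", b"hello", arrives_at=1.5),
    Record("handshake", arrives_at=2.5),
    Record("application", b"world", arrives_at=3.0),
]


def compare(wait: float = 2.0):
    """Run both strategies over the same traffic and report what each one costs."""
    f1 = FinalFlight(b"<our Finished flight>")
    elapsed1, buffered = handshake_fixed_wait(f1, SAMPLE_TRAFFIC, wait)
    f2 = FinalFlight(b"<our Finished flight>")
    elapsed2, results = handshake_then_recv(f2, SAMPLE_TRAFFIC)
    return {
        "fixed_wait": {"elapsed": elapsed1, "resent": f1.resent, "app_data": buffered},
        "recv_every_record": {"elapsed": elapsed2, "resent": f2.resent,
                              "recv_results": results},
    }


if __name__ == "__main__":
    for name, outcome in compare().items():
        print(name, outcome)
```

Running compare() shows the trade-off in numbers: the fixed-wait strategy always spends the full window (2.0 s here) and only answers the retransmission that falls inside it, while the recv-every-record strategy spends no extra time and answers both retransmissions, at the price of the application seeing E_NO_APP_DATA for two of its four gnutls_record_recv()-style calls.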
