[gnutls-dev] Re: Intent to implement DTLS
Guus Sliepen
guus at sliepen.eu.org
Sat May 7 17:18:22 CEST 2005
On Sat, May 07, 2005 at 04:54:12PM +0200, Simon Josefsson wrote:
> > I would welcome CVS write access, but otherwise I'll send patches.
>
> I think that can be arranged, but it might be simpler to wait until
> you have something that sort of works. It would have to be added to a
> branch anyway initially, so you could copy our CVS tree and set up a
> local CVS mirror to play with meanwhile.
Ok.
> > If you have suggestions about how to proceed, please tell me.
>
> I'd suggest a high-level approach like this:
>
> 1. Implement it grossly, possibly modifying existing functions, until
> it interoperates with OpenSSL.
>
> 2. Building on what you've learned doing 1, write up a suggestion of
> what you think a clean API would be and post it here. Try not to
> think about how you would actually implement that API, but rather
> how it would be used. Perhaps some discussion at this point.
>
> 3. Change the code to implement the clean API.
Sounds like a good idea. But of course I have already looked at the
GNUTLS source and I already have a suggestion for an API. Since the
difference between TLS and DTLS is the transport layer (TCP vs. UDP), I
would suggest adding the following enum and function calls:

    typedef enum gnutls_transport_type {
        GNUTLS_TRANSPORT_TYPE_STREAM = 1,
        GNUTLS_TRANSPORT_TYPE_DATAGRAM,
    } gnutls_transport_type;

    void gnutls_transport_set_type(gnutls_session session, gnutls_transport_type type);
    gnutls_transport_type gnutls_transport_get_type(gnutls_session session);

Of course the transport type will default to
GNUTLS_TRANSPORT_TYPE_STREAM, but it can be changed after gnutls_init()
but not after the first gnutls_handshake(). Apart from this the only
necessary addition to the API that I foresee is a function call to deal
with the retransmit timers necessary for DTLS.
> > Also, I will be working on this in spare time, help is appreciated.
>
> I'll cheer you on, and will try to assist with testing etc, but will
> probably have little time to code. The last might change, I have
> mentioned DTLS support as a useful project to some people.
Great!
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.eu.org>