[gnutls-dev] Re: Intent to implement DTLS

[Simon Josefsson]

Guus Sliepen <guus at sliepen.eu.org> writes:

> Implementing it will be a bit harder than I thought at first sight. The
> problem is that internally, GNUTLS has no clear seperation between the
> layers involved in TLS, and it is heavily biased towards TCP. This
> combination is a disaster for me :). I see two ways to proceed.

Ouch.

> 1) Create copies of all handshake, record and transport layer functions
> and modify them to do DTLS instead of TLS. This means lots of code
> duplication, but at least it won't mess with the existing code.
>
> 2) "Fix" the current code by (re)introducing a clean separation between
> the handshake, record and transport layer, and remove the bias towards
> TCP. This means adding DTLS on top of it will be painless and there
> won't be lots of code duplication.  However it will touch a lot of
> existing code.
>
> I strongly favour the second way, but if that means the chances of
> having it merged are nihil, I'll go with the first way.

I would not want to have the 1) situation.  Duplicated code is painful
to maintain.  I don't know how deep the modifications 2) would be, but
I'd vote for going that route too, even if it mean more work
initially.  Perhaps Nikos has more input.

/Simon