[WIP] DTLS 1.0 preliminary patches

Jonathan Bastien-Filiatrault joe at x2a.org
Tue Jul 28 20:44:29 CEST 2009


Hello,

Being interested in DTLS and GnuTLS I have decided to try to implement 
DTLS in the GnuTLS library.

I have managed to send a valid DTLS ClientHello using a modified GnuTLS 
in a relatively non-intrusive way (but which may break the ABI since it 
messes with existing enum values). The OpenSSL implementation responds 
to this ClientHello with a HelloVerifyMessage and Wireshark considers 
the packet valid DTLS.

You may find my patches at this URL: http://x2a.org/pub/dtls/

Unfortunately the lower end of the record layer and buffer/transport 
layer seems rather messy to my untrained eye. I am having trouble 
imagining implementing UDP buffering easely. I would need to buffer the 
whole packet then iterate over the records contained within the packet.

The main problem seems to be layering violations between the handshake, 
record and buffer layers. Would it be better if _gnutls_{recv,send}_int 
dealt with whole records (and possibly return prematurely if more data 
or buffer space is required) ? _gnutls_{recv,send}_int could also deal 
with the SSLv2.0 record encapsulation. The handhake layer would 
therefore deal with those two functions for sending/receiving from the 
lower layer. The handshake layer buffering would also be moved to 
gnutls_handshake.c.

Am I making any sense ?

http://lists.gnupg.org/pipermail/gnutls-dev/2005-May/000864.html 
documents the previous attempt.

Comments, suggestions and insults welcome...
Cheers,
Jonathan





More information about the Gnutls-devel mailing list