[WIP] DTLS 1.0 preliminary patches
Jonathan Bastien-Filiatrault
joe at x2a.org
Tue Jul 28 20:44:29 CEST 2009
Hello,
Being interested in DTLS and GnuTLS I have decided to try to implement
DTLS in the GnuTLS library.
I have managed to send a valid DTLS ClientHello using a modified GnuTLS
in a relatively non-intrusive way (but which may break the ABI since it
messes with existing enum values). The OpenSSL implementation responds
to this ClientHello with a HelloVerifyMessage and Wireshark considers
the packet valid DTLS.
You may find my patches at this URL: http://x2a.org/pub/dtls/
Unfortunately the lower end of the record layer and buffer/transport
layer seems rather messy to my untrained eye. I am having trouble
imagining implementing UDP buffering easely. I would need to buffer the
whole packet then iterate over the records contained within the packet.
The main problem seems to be layering violations between the handshake,
record and buffer layers. Would it be better if _gnutls_{recv,send}_int
dealt with whole records (and possibly return prematurely if more data
or buffer space is required) ? _gnutls_{recv,send}_int could also deal
with the SSLv2.0 record encapsulation. The handhake layer would
therefore deal with those two functions for sending/receiving from the
lower layer. The handshake layer buffering would also be moved to
gnutls_handshake.c.
Am I making any sense ?
http://lists.gnupg.org/pipermail/gnutls-dev/2005-May/000864.html
documents the previous attempt.
Comments, suggestions and insults welcome...
Cheers,
Jonathan
More information about the Gnutls-devel
mailing list