[WIP] DTLS 1.0 preliminary patches
nmav at gnutls.org
Wed Jul 29 23:10:02 CEST 2009
Simon Josefsson wrote:
>>>> Re 0004-Add-gnutls_session_datagram-function.patch: this just toggles
>>>> one way. DTLS is really a completely new protocol, not just a different
>>>> transport method for TLS. So maybe there should really be a new
>>>> function that replaces gnutls_init? How about gnutls_init_dtls? It
>>>> would return a gnutls_session_t for DTLS.
>> If there no issues in initialization the obvious place for me to be done
>> would be gnutls_priority_set() and gnutls_protocol_set_priority(). There
>> the actual version of the protocol that will be used is given and if
>> DTLS is there the function should act accordingly. That way the same API
>> can be used for both.
> Hm. Are you suggesting that DTLS should be enabled through a priority
> string? I kind of like that. I'm not sure it is sufficient -- some
> other functions called before the handshake may also want to know if
> DTLS or normal TLS is going to be used. Then the order of calls will
> matter -- i.e., if gnutls_priority_set("DTLS") is called before or after
> the call to this other API. So a gnutls_init_dtls seems safer to me.
I don't really know about that. What functionality would that be? For me
since DTLS is supposed to be just another version of TLS it feels it
should be configurable through the version interface. If multiple
functions initialization are needed for another variants it would be not
a nice API IMHO (it would be possible to initialize tls but specify TLS
1.2 through the priority api?). I thought initially that some extended
gnutls_init_ext() would be useful, but since we already have the
priority API I see no point in making a new API for that (unless of
course there is not alternative due to technical problems).
More information about the Gnutls-devel