[WIP] DTLS 1.0 preliminary patches

Jonathan Bastien-Filiatrault joe at x2a.org
Thu Jul 30 01:55:10 CEST 2009


Nikos Mavrogiannopoulos wrote:

> specific questions on functionality or purpose let me know...
> 
>>> Re 0002-Add-DTLS1.0-protocol-entry.patch: This breaks the API.  Can you
>>> re-order the DTLS addition so it is after GNUTLS_TLS1_2 and add a '=
>>> 100' after it so there is room for TLS 1.3 etc?  Also, please drop the
>>> GNUTLS_DTLS1 mapping, I think it helps to be specific about version
>>> numbers at all places.  I think this patch could be added quickly
>>> without problem.
>> Alright, but DTLS1.0 needs to be sandwiched between TLS1.1 and TLS1.2,
>> mostly for ver < GNUTLS_TLS1_2 checks. Since TLS1.2 is still
>> experimental, could this breakage be tolerated? I am wide open to
>> suggestions in this case...
> 
> In general I'd agree with simon that DTLS should be distinct from
> TLSx.y. For the specific tests maybe we should move those into
> designated functions such as if (_check_for_feature_xyz(tlsversion)) {
> ... }. And a more complex matching algorithm will be present there.
> 

So in _gnutls_finished the ver < GNUTLS_TLS1_2 checks would become
something like !_gnutls_has_selectable_prf(session) ?

I suggest putting such functions in gnutls_algorithms.c. Any objections?

Side note: I have set up a public git repository for your viewing pleasure.

cgit URL: http://x2a.org/git/gnutls/
pull URL: git://x2a.org/gnutls.git

WARNING: the dtls-wip branch is regularly rebased, do not use for any
permanent merging or cherry-picking.

Cheers,
Jonathan
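The design point discussed above (replacing ordinal `ver < GNUTLS_TLS1_2` checks with feature-check functions so that DTLS can live outside the TLS version ordering) can be illustrated with a small standalone C program. This is an added example written for this page, not GnuTLS code; the `ex_` enum values, `ex_tls_base()` and `ex_has_selectable_prf()` are assumed illustrative names, and the enum layout follows the thread's suggestion of placing DTLS 1.0 after TLS 1.2 with a numeric gap. The one protocol fact it relies on is that DTLS 1.0 (RFC 4347) is derived from TLS 1.1, so the selectable-PRF behaviour of TLS 1.2 must not be assumed for it.

```c
/* Added example: feature-check functions for protocol versions, in the style
 * proposed in the thread. Not GnuTLS's own code; all identifiers are
 * illustrative assumptions. */
#include <stdbool.h>
#include <stdio.h>

/* Illustrative version enum. DTLS 1.0 is appended after TLS 1.2 so existing
 * numeric values keep their ABI, and a gap is left for later TLS versions. */
typedef enum {
    EX_SSL3 = 1,
    EX_TLS1_0 = 2,
    EX_TLS1_1 = 3,
    EX_TLS1_2 = 4,
    EX_DTLS1_0 = 100
} ex_protocol_t;

/* Map a datagram version to the TLS version it is derived from.
 * DTLS 1.0 is based on TLS 1.1, so feature decisions use that base. */
static ex_protocol_t ex_tls_base(ex_protocol_t ver)
{
    switch (ver) {
    case EX_DTLS1_0:
        return EX_TLS1_1;
    default:
        return ver;
    }
}

/* The ordinal check the thread wants to retire. Once DTLS 1.0 sits after
 * TLS 1.2 in the enum, this wrongly reports a selectable PRF for it. */
bool ex_naive_has_selectable_prf(ex_protocol_t ver)
{
    return !(ver < EX_TLS1_2);
}

/* Feature-based replacement: only versions whose TLS base is 1.2 or later
 * negotiate the PRF hash through the cipher suite. */
bool ex_has_selectable_prf(ex_protocol_t ver)
{
    return ex_tls_base(ver) >= EX_TLS1_2;
}

/* Transport property kept separate from the version ordering. */
bool ex_is_datagram(ex_protocol_t ver)
{
    return ver == EX_DTLS1_0;
}

int main(void)
{
    const ex_protocol_t versions[] = { EX_TLS1_1, EX_TLS1_2, EX_DTLS1_0 };
    const char *names[] = { "TLS1.1", "TLS1.2", "DTLS1.0" };
    for (size_t i = 0; i < sizeof versions / sizeof versions[0]; i++) {
        printf("%-8s naive=%d feature=%d datagram=%d\n", names[i],
               ex_naive_has_selectable_prf(versions[i]),
               ex_has_selectable_prf(versions[i]),
               ex_is_datagram(versions[i]));
    }
    return 0;
}
```

The naive and feature-based checks agree for every TLS version but diverge on DTLS 1.0, which is exactly the mismatch that would appear in `_gnutls_finished` if the enum were reordered without moving the check into a function of this kind.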