[WIP] DTLS 1.0 preliminary patches
Jonathan Bastien-Filiatrault
joe at x2a.org
Thu Jul 30 01:55:10 CEST 2009
Nikos Mavrogiannopoulos wrote:
> specific questions on functionality or purpose let me know...
>
>>> Re 0002-Add-DTLS1.0-protocol-entry.patch: This breaks the API. Can you
>>> re-order the DTLS addition so it is after GNUTLS_TLS1_2 and add a '=
>>> 100' after it so there is room for TLS 1.3 etc? Also, please drop the
>>> GNUTLS_DTLS1 mapping, I think it helps to be specific about version
>>> numbers at all places. I think this patch could be added quickly
>>> without problem.
>> Alright, but DTLS1.0 needs to be sandwiched between TLS1.1 and TLS1.2,
>> mostly for ver < GNUTLS_TLS1_2 checks. Since TLS1.2 is still
>> experimental, could this breakage be tolerated ? I am wide open for a
>> suggestions in this case...
>
> In general I'd agree with simon that DTLS should be distinct from
> TLSx.y. For the specific tests maybe we should move those into
> designated functions such as if (_check_for_feature_xyz(tlsversion)) {
> ... }. And a more complex matching algorithm will be present there.
>
So in _gnutls_finished the ver < GNUTLS_TLS1_2 checks would become
something like !_gnutls_has_selectable_prf(session) ?
I suggest putting such functions in gnutls_algorithms.c. Any objections ?
Side note: I have setup a public git repository for your viewing pleasure.
cgit URL: http://x2a.org/git/gnutls/
pull URL: git://x2a.org/gnutls.git
WARNING: the dtls-wip branch is regularly rebased, do not use for any
permanent merging or cherry-picking.
Cheers,
Jonathan
More information about the Gnutls-devel
mailing list