[WIP] DTLS 1.0 preliminary patches

Simon Josefsson simon at josefsson.org
Thu Jul 30 13:30:47 CEST 2009


Jonathan Bastien-Filiatrault <joe at x2a.org> writes:

> Nikos Mavrogiannopoulos wrote:
>
>> specific questions on functionality or purpose let me know...
>> 
>>>> Re 0002-Add-DTLS1.0-protocol-entry.patch: This breaks the API.  Can you
>>>> re-order the DTLS addition so it is after GNUTLS_TLS1_2 and add a '=
>>>> 100' after it so there is room for TLS 1.3 etc?  Also, please drop the
>>>> GNUTLS_DTLS1 mapping, I think it helps to be specific about version
>>>> numbers at all places.  I think this patch could be added quickly
>>>> without problem.
>>> Alright, but DTLS1.0 needs to be sandwiched between TLS1.1 and TLS1.2,
>>> mostly for ver < GNUTLS_TLS1_2 checks. Since TLS1.2 is still
>>> experimental, could this breakage be tolerated ? I am wide open for a
>>> suggestions in this case...
>> 
>> In general I'd agree with simon that DTLS should be distinct from
>> TLSx.y. For the specific tests maybe we should move those into
>> designated functions such as if (_check_for_feature_xyz(tlsversion)) {
>> ... }. And a more complex matching algorithm will be present there.
>> 
>
> So in _gnutls_finished the ver < GNUTLS_TLS1_2 checks would become
> something like !_gnutls_has_selectable_prf(session) ?
>
> I suggest putting such functions in gnutls_algorithms.c. Any objections ?

Yes.  We could apply this directly, it makes the code more clear.

> Side note: I have setup a public git repository for your viewing pleasure.
>
> cgit URL: http://x2a.org/git/gnutls/
> pull URL: git://x2a.org/gnutls.git
>
> WARNING: the dtls-wip branch is regularly rebased, do not use for any
> permanent merging or cherry-picking.

Great.

/Simon





More information about the Gnutls-devel mailing list