[Help-gnutls] TLS and SCTP
Sebastien Decugis
sdecugis at nict.go.jp
Wed Jul 30 11:24:19 CEST 2008
Hello,
I am trying to implement TLS over a SCTP association with multiple
streams (the final goal is to make an open-source implementation of
Diameter).
From RFC 3436, it is told that each pair of (bi-directional) stream is
an independent TLS session (separate handshake, and so on). The
remaining streams have no TLS protection, and will therefore not be used
in my implementation.
I understand how to specify my own transport-layer handlers in GNU TLS
with the set_push_function and set_pull_function, but I think it is not
sufficient support to handle the TLS over the multiple streams as
expected. We can create a wrapper function to send data on a specific
stream, but not to receive only from a given stream. The logic must be:
we receive a message, we can retrieve its stream number, and then we
know the TLS context (session) this message belongs to. I cannot see a
way to achieve this with the API of gnutls.
Has someone ran into this issue already and could give me some hints /
pointers? The only workaround I can see yet is to use only 1 stream in
my SCTP association, but this is not very satisfactory...
Thank you in advance!
Best regards,
Sebastien.
<http://www.gnu.org/software/gnutls/manual/html_node/gnutls_005ftransport_005fset_005fpush_005ffunction.html#gnutls_005ftransport_005fset_005fpush_005ffunction>
--
Sebastien Decugis
Research fellow
Network Architecture Group
NICT (nict.go.jp)
More information about the Gnutls-help
mailing list