[openssl-users] DTLS without sockets (or at least an unconnected socket)
Florian Weimer
fweimer at redhat.com
Tue Apr 14 19:24:13 UTC 2015
On 04/14/2015 09:02 PM, Matt Caswell wrote:
>
>
> On 14/04/15 19:45, Florian Weimer wrote:
>> Is it possible to use DTLS with some sort of non-socket BIO?
>>
>> Basically, I have datagrams which I know belong to a specific DTLS
>> session, and I want to feed them to OpenSSL and get back further
>> datagrams to send out in response. (This is similar to what SSLEngine
>> does in OpenJDK, except there it's for plain TLS.)
>
> DTLS currently supports UDP and SCTP for the underlying BIO. In theory
> you could implement your own BIO to do whatever you want but it would
> have to support the BIO ctrls that DTLS uses - see
> crypto/bio/bss_dgram.c (in particular the dgram_ctrl and dgram_sctp_ctrl
> functions)
Interesting. Is this part of the public API?
>> An example how to establish a DTLS session with multiple peers over an
>> unconnected socket would help, too.
>>
>
> To do that you need to use DTLSv1_listen(). I recently wrote a man page
> for this function, but it hasn't hit the repo yet. Attached FYI.
Thanks. DTLSv1_listen is very odd because it has a socket address as an
“out” parameter, but no socket address length as an “in/out” argument.
It doesn't seem very transport-agnostic, either.
--
Florian Weimer / Red Hat Product Security